Rewterz Threat Advisory – ICS: Multiple Siemens Solid Edge Vulnerabilities
August 11, 2021
Rewterz Threat Alert – Kimsuky APT Group – Active IOCs
August 11, 2021
Severity
High
Analysis Summary
CVE-2020-9272
The affected products are vulnerable to an out-of-bounds read in mod_cap via the cap_to_text function in cap_text.c, which could lead to information disclosure.
CVE-2020-9273
A malicious attacker could corrupt the memory pool by interrupting the data transfer channel. This triggers a use-after-free condition in alloc_pool in pool.c, which could lead to remote code execution.
Impact
- Information Disclosure
- Code Execution
Affected Vendors
Siemens
Affected Products
- SIMATIC NET CP 1543-1
- SIMATIC NET CP 1545-1: All versions
Remediation
Refer to CISA advisory for the complete list of affected products and their respective patches at: