November 20, 2023
Severity Medium Analysis Summary Agent Tesla is a very popular spyware Trojan built for the.NET framework. Since its initial appearance in 2014, this has been deployed […]
Rewterz threat Advisory – CVE-2019-0542 – Red Hat update for Red Hat Openshift Container Platform
June 12, 2019Rewterz Threat Advisory – ICS: Siemens Siveillance VMS Multiple Vulnerabilities
June 13, 2019Rewterz threat Advisory – CVE-2019-0542 – Red Hat update for Red Hat Openshift Container Platform
June 12, 2019Rewterz Threat Advisory – ICS: Siemens Siveillance VMS Multiple Vulnerabilities
June 13, 2019
Severity
Medium
Analysis Summary
CVE-2019-10925
An authenticated attacker could escalate privileges by sending specially crafted requests to the integrated webserver.
CVE-2019-10926
Communication with the device is not encrypted. Data transmitted between the device and the user can be obtained by an attacker in a privileged network position.
Impact
- Improper Privilege Management
- Cleartext Transmission of Sensitive Information
Affected Vendors
Siemens
Affected Products
SIMATIC Ident MV420 and MV440 Families
Remediation
Vendor has identified the following specific workarounds and mitigations users can apply to reduce the risk:
- By setting the DISA bit, changes to the project by logged-in users can be prevented.
Please refer to the Operating Instructions for more details: https://support.industry.siemens.com/cs/us/en/view/84553392