Rewterz Threat Advisory – ICS: CVE-2019-10923 – Siemens Industrial Real-Time (IRT) Devices Improper Input Validation Vulnerability
February 12, 2020Rewterz Threat Advisory – ICS: Synergy Systems & Solutions HUSKY RTU
February 13, 2020Severity
High
Analysis Summary
Analysis Summary
This update fixes twenty-one vulnerabilities in Adobe Framemaker.
| Vulnerability Category | Severity | CVE Numbers |
| Buffer Error | Critical | CVE-2020-3734 |
| Heap Overflow | Critical | CVE-2020-3731CVE-2020-3735 |
| Memory Corruption | Critical | CVE-2020-3739CVE-2020-3740 |
| Out-of-Bounds Write | Critical | CVE-2020-3720CVE-2020-3721CVE-2020-3722CVE-2020-3723CVE-2020-3724CVE-2020-3725CVE-2020-3726CVE-2020-3727CVE-2020-3728CVE-2020-3729CVE-2020-3730CVE-2020-3732CVE-2020-3733CVE-2020-3736CVE-2020-3737CVE-2020-3738 |
This update resolved seventeen vulnerabilities in Adobe Acrobat and Reader.
| Vulnerability Category | Severity | CVE Number |
|---|---|---|
| Out-of-Bounds Read | Important | CVE-2020-3744CVE-2020-3747CVE-2020-3755 |
| Heap Overflow | Critical | CVE-2020-3742 |
| Buffer Error | Critical | CVE-2020-3752CVE-2020-3754 |
| Use After Free | Critical | CVE-2020-3743CVE-2020-3745CVE-2020-3746CVE-2020-3748CVE-2020-3749CVE-2020-3750CVE-2020-3751 |
| Stack exhaustion | Moderate | CVE-2020-3753 CVE-2020-3756 |
| Privilege Escalation | Critical | CVE-2020-3762CVE-2020-3763 |
A new update for Adobe Flash Player is available that fixes a Critical arbitrary code execution vulnerability.
| Vulnerability Category | Severity | CVE Number |
| Type Confusion | Critical | CVE-2020-3757 |
Two vulnerabilities in Adobe Digital Editions have been fixed that could lead to information disclosure and arbitrary code execution.
| Vulnerability Category | Severity | CVE Numbers |
| Buffer Errors | Important | CVE-2020-3759 |
| Command Injection | Critical | CVE-2020-3760 |
Adobe fixes a denial of service vulnerability in Adobe Experience Manager.
| Vulnerability Category | Severity | CVE Number |
| Uncontrolled Resource Consumption | Important | CVE-2020-3741 |
Impact
- Denial of Service
- Information Disclosure
- Arbitrary code execution
- Memory Leak
Affected Vendors
Adobe
Affected Products
- Adobe Framemaker 2019.0.4 and below
- Acrobat DC & Acrobat Reader DC 2019.021.20061 and earlier versions for Windows & macOS
- Adobe Flash Player Desktop Runtime 32.0.0.321 and earlier for Windows and macOS
- Adobe Flash Player Desktop Runtime 32.0.0.314 and earlier for Linux
- Adobe Flash Player for Microsoft Edge and Internet Explorer 11 32.0.0.255 and earlier for Windows 10 and 8.1
- Adobe Digital Editions 4.5.10 and below for Windows
- Adobe Experience Manager 6.5 and 6.4 for all platforms
- Acrobat & Acrobat Reader 2015.006.30508 and earlier versions for Windows & macOS
- Acrobat for Windows 2017 & Acrobat Reader for MacOS 2017 2017.011.30156 and earlier versions
- Adobe Flash Player for Google Chrome 32.0.0.321 and earlier for Windows macOS Linux and Chrome OS
Remediation
Apply following updates:
- Adobe Framemaker 2019.0.5
- The latest version of Adobe Acrobat and Reader.
- Adobe Flash Player 32.0.0.330
- Adobe Digital Editions 4.5.11
- Latest version of Adobe Experience Manager