Rewterz Threat Alert – Watchbog – Cryptomining and Lateral Movement
September 17, 2019Rewterz Threat Advisory – ICS: Siemens SINEMA Remote Connect Server Multiple Vulnerabilities
September 18, 2019Rewterz Threat Alert – Watchbog – Cryptomining and Lateral Movement
September 17, 2019Rewterz Threat Advisory – ICS: Siemens SINEMA Remote Connect Server Multiple Vulnerabilities
September 18, 2019Severity
High
Analysis Summary
CVE-2019-13558
An exploit executed over the network may cause improper control of generation of code, which may allow remote code execution, data exfiltration, or cause a system crash.
CVE-2019-13552
Multiple command injection vulnerabilities are caused by a lack of proper validation of user-supplied data and may allow arbitrary file deletion and remote code execution.
CVE-2019-13556
Multiple stack-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution.
CVE-2019-13550
An improper authorization vulnerability may allow an attacker to disclose sensitive information, cause improper control of generation of code, which may allow remote code execution or cause a system crash.
Impact
- Remote code execution
- System crash
Affected Vendors
Advantech
Affected Products
WebAccess Versions 8.4.1 and prior
Remediation
Update to version 8.4.2
https://support.advantech.com/support/DownloadSRDetail_New.aspx?SR_ID=1-MS9MJV&Doc_Source=Download