November 20, 2023
Severity Medium Analysis Summary Agent Tesla is a very popular spyware Trojan built for the.NET framework. Since its initial appearance in 2014, this has been deployed […]
Rewterz Threat Alert – Watchbog – Cryptomining and Lateral Movement
September 17, 2019Rewterz Threat Advisory – ICS: Siemens SINEMA Remote Connect Server Multiple Vulnerabilities
September 18, 2019Rewterz Threat Alert – Watchbog – Cryptomining and Lateral Movement
September 17, 2019Rewterz Threat Advisory – ICS: Siemens SINEMA Remote Connect Server Multiple Vulnerabilities
September 18, 2019
Severity
High
Analysis Summary
CVE-2019-13558
An exploit executed over the network may cause improper control of generation of code, which may allow remote code execution, data exfiltration, or cause a system crash.
CVE-2019-13552
Multiple command injection vulnerabilities are caused by a lack of proper validation of user-supplied data and may allow arbitrary file deletion and remote code execution.
CVE-2019-13556
Multiple stack-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution.
CVE-2019-13550
An improper authorization vulnerability may allow an attacker to disclose sensitive information, cause improper control of generation of code, which may allow remote code execution or cause a system crash.
Impact
- Remote code execution
- System crash
Affected Vendors
Advantech
Affected Products
WebAccess Versions 8.4.1 and prior
Remediation
Update to version 8.4.2
https://support.advantech.com/support/DownloadSRDetail_New.aspx?SR_ID=1-MS9MJV&Doc_Source=Download