April 8, 2020
Severity
Medium
Analysis Summary
A non-persistent (reflected) cross-site scripting (XSS) vulnerability exists. An attacker could send the target a specially crafted URL that initiates a password change for the device. The attack succeeds only if the target has already entered their credentials into the gateway.
Impact
Cross-site Scripting
Affected Vendors
HMS Networks
Affected Products
- eWON Flexy: all firmware versions prior to 14.1s0
- eWON Cosy: all firmware versions prior to 14.1s0
Remediation
HMS Networks recommends that users update to the latest firmware, version 14.1s0.
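
To find which gateways still need the update, the following added example (not code from Rewterz or HMS Networks) checks an asset inventory against the fixed version 14.1s0. It assumes firmware strings follow the `<major>.<minor>s<service release>` pattern seen in "14.1s0"; the inventory rows and all function names are constructed for illustration.

```python
import csv
import io
import re

FIXED = (14, 1, 0)  # 14.1s0, the fixed version named in the advisory
AFFECTED_PRODUCTS = ("flexy", "cosy")  # eWON Flexy and eWON Cosy
# Assumed format, inferred from "14.1s0": <major>.<minor>s<service release>
VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)s(\d+)\s*$", re.IGNORECASE)

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = """host,model,firmware
gw-plant-a,eWON Flexy,13.2s1
gw-plant-b,eWON Cosy,14.1s0
gw-plant-c,eWON Flexy,14.0s2
gw-plant-d,eWON Cosy,unknown
hmi-line-1,Other HMI,1.0s0
"""

def parse_version(text):
    """Return (major, minor, service) or None if the string does not match."""
    m = VERSION_RE.match(text or "")
    return tuple(int(g) for g in m.groups()) if m else None

def classify(model, firmware):
    """Return 'not-applicable', 'affected', 'fixed' or 'unknown' for one device."""
    if not any(p in model.lower() for p in AFFECTED_PRODUCTS):
        return "not-applicable"
    version = parse_version(firmware)
    if version is None:
        return "unknown"  # needs manual review; never assume it is patched
    return "affected" if version < FIXED else "fixed"

def audit(inventory_csv):
    """Map each host in a CSV inventory to its classification."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["host"]: classify(r["model"], r["firmware"]) for r in rows}

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host:12} {status}")
```

Devices reported as `unknown` should be checked by hand rather than counted as patched.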