Rewterz Threat Alert – Obfuscated VBScript Drops Zloader, Ursnif, Qakbot, Dridex
June 25, 2020Rewterz Threat Advisory – CVE-2020-14476 – ICS: Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L and FX Series CPU Modules
June 26, 2020Rewterz Threat Alert – Obfuscated VBScript Drops Zloader, Ursnif, Qakbot, Dridex
June 25, 2020Rewterz Threat Advisory – CVE-2020-14476 – ICS: Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L and FX Series CPU Modules
June 26, 2020Severity
High
Analysis Summary
A remote, unauthenticated attacker could use an XML External Entity (XXE) attack to exploit weakly configured XML files to access local or remote content. A successful exploit could potentially cause a denial-of-service condition and allow the attacker to arbitrarily read any local file via system-level services.
Impact
Denial of service
Affected Vendors
Rockwell Automation
Affected Products
FactoryTalk Services Platform Versions 6.11.00 and earlier
Remediation
Affected users are encouraged to use Rockwell Automation Knowledgebase article 25612.