Rewterz Threat Advisory – ICS: Schneider Electric EcoStruxure Operator Terminal Expert
May 26, 2020Rewterz Threat Alert – Fake Zoom Installers Hiding Zapiz Backdoor and Devil Shadow
May 28, 2020Rewterz Threat Advisory – ICS: Schneider Electric EcoStruxure Operator Terminal Expert
May 26, 2020Rewterz Threat Alert – Fake Zoom Installers Hiding Zapiz Backdoor and Devil Shadow
May 28, 2020Severity
Medium
Analysis Summary
A vulnerability exists in Device Library Wizard in the affected product versions listed. It creates a file that contains confidential data that could be read by low privileged users. This could allow the attacker to take control of one or multiple system nodes.
Impact
Exposure of sensitive data
Affected Vendors
ABB
Affected Products
- ABB Device Library Wizard versions 6.0.X
- ABB Device Library Wizard versions 6.0.3.1
- ABB Device Library Wizard versions 6.0.3.2
Remediation
ABB recommends that customers apply the update,
- Device Library Wizard version 6.0.3.2 RU1
- Device Library Wizard version 6.0.3.3
- Device Library Wizard version 6.1.X onwards