Rewterz Threat Advisory – ICS: Johnson Controls System Configuration Tool (SCT) Vulnerabilities
February 13, 2023
Rewterz Threat Alert – Aurora Stealer – Active IOCs
February 13, 2023
Severity
High
Analysis Summary
CVE-2023-25164 CVSS:8.6
The Node.js @tinacms/cli module could allow a remote attacker to obtain sensitive information, caused by the storage of sensitive values in process.env variables. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information and use it to launch further attacks against the affected system.
Impact
- Information Disclosure
Indicators Of Compromise
CVE
- CVE-2023-25164
Affected Vendors
Node.js
Affected Products
- Node.js @tinacms/cli 1.0.0
- Node.js @tinacms/cli 1.0.8
Remediation
Refer to the @tinacms/cli Git repository for patch, upgrade, or suggested workaround information.