Severity
High
Analysis Summary
CVE-2020-13987
Multiple open-source embedded TCP/IP stacks, commonly used in Internet of Things (IoT) and embedded devices, are vulnerable to a denial of service caused by improper validation of the length fields of packet headers. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause an out-of-bounds memory read during the checksum computation, resulting in a denial of service condition.
CVE-2020-17438
Multiple open-source embedded TCP/IP stacks, commonly used in Internet of Things (IoT) and embedded devices, could allow a remote attacker to execute arbitrary code on the system because of improper validation of the total length of an incoming packet specified in the IP header. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
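The length validation that both CVE descriptions refer to, as an added example in C (not code from the affected stacks or from B&R): a generic IPv4 receive-path check that bounds the header length and total length fields by the number of bytes actually received before the checksum loop or any later copy uses them. The function names, result codes and sample frame are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define IPV4_MIN_HDR 20u
enum ip_check { IP_OK, IP_TRUNCATED, IP_BAD_VERSION, IP_BAD_IHL, IP_BAD_TOTLEN, IP_BAD_CSUM };

/* RFC 1071 one's-complement checksum over exactly len bytes of buf. */
static uint16_t inet_checksum(const uint8_t *buf, size_t len)
{
    uint32_t sum = 0;
    size_t i;
    for (i = 0; i + 1 < len; i += 2)
        sum += (uint32_t)((buf[i] << 8) | buf[i + 1]);
    if (i < len)                       /* odd trailing byte */
        sum += (uint32_t)(buf[i] << 8);
    while (sum >> 16)                  /* fold carries */
        sum = (sum & 0xffffu) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Check each attacker-controlled length field against frame_len (bytes
 * really received) before it is used as a loop bound or copy size. */
enum ip_check ipv4_validate(const uint8_t *frame, size_t frame_len, size_t *payload_len)
{
    if (frame_len < IPV4_MIN_HDR) return IP_TRUNCATED;
    if ((frame[0] >> 4) != 4) return IP_BAD_VERSION;
    size_t ihl = (size_t)(frame[0] & 0x0f) * 4;           /* header length field */
    if (ihl < IPV4_MIN_HDR || ihl > frame_len) return IP_BAD_IHL;
    size_t tot = ((size_t)frame[2] << 8) | frame[3];      /* total length field */
    if (tot < ihl || tot > frame_len) return IP_BAD_TOTLEN;
    if (inet_checksum(frame, ihl) != 0) return IP_BAD_CSUM; /* bounded by ihl */
    *payload_len = tot - ihl;
    return IP_OK;
}

int main(void)
{
    /* Constructed sample: 20-byte header + 20 bytes of payload, 40 received. */
    uint8_t f[40] = {0x45, 0, 0, 0x28, 0, 0, 0, 0, 0x40, 0x06, 0, 0, 10, 0, 0, 1, 10, 0, 0, 2};
    uint16_t c = inet_checksum(f, 20);
    f[10] = (uint8_t)(c >> 8); f[11] = (uint8_t)c;
    size_t pl = 0;
    printf("consistent header: %d\n", ipv4_validate(f, sizeof f, &pl));
    f[2] = 0x05; f[3] = 0xdc;          /* header now claims 1500 bytes */
    printf("oversized total length: %d\n", ipv4_validate(f, sizeof f, &pl));
    return 0;
}
```

A frame whose header claims more bytes than were received is rejected with `IP_BAD_TOTLEN` before the checksum or payload handling runs.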
Impact
- Denial of Service
- Gain Access
Affected Vendors
B&R
Affected Products
- B&R Track Technology
- B&R Ethernet-based Bus Controllers
- B&R Ethernet-based Customized HMI devices
- B&R Motion Control
Remediation
For further information regarding patches, refer to https://www.br-automation.com/en/service/cyber-security/