Rewterz Threat Advisory – ICS: Treck TCP/IP Stack Multiple Vulnerabilities
August 26, 2020Rewterz Threat Alert – Phishing Campaign Targeting Pakistani Users
August 27, 2020Rewterz Threat Advisory – ICS: Treck TCP/IP Stack Multiple Vulnerabilities
August 26, 2020Rewterz Threat Alert – Phishing Campaign Targeting Pakistani Users
August 27, 2020Severity
Medium
Analysis Summary
Emerson’s OpenEnterprise SCADA software has Inadequate Encryption Strength. Successful exploitation of this vulnerability could allow an attacker access to credentials held by OpenEnterprise used for accessing field devices and external systems. This may result in security bypass.
Impact
Security Bypass
Affected Vendors
Emerson
Affected Products
OpenEnterprise All versions through 3.3.5
Remediation
Emerson recommends all users upgrade to OpenEnterprise 3.3, Service Pack 6 (3.3.6), to resolve this issue. OpenEnterprise Service Packs are available to users with access to the Emerson SupportNet system (login required).