Severity
High
Analysis Summary
CVE-2020-10640
The affected components may allow an attacker to run arbitrary commands with system privileges or perform remote code execution via a specific communication service.
CVE-2020-10632
Inadequate folder security permissions may allow modification of important configuration files, which could cause the system to fail or behave in an unpredictable manner.
CVE-2020-10636
Inadequate encryption may allow the passwords for OpenEnterprise user accounts to be obtained.
Impact
- Missing Authentication for Critical Function
- Improper Ownership Management
- Inadequate Encryption Strength
Affected Vendors
Emerson
Affected Products
OpenEnterprise all versions through 3.3.4
Remediation
Emerson recommends all users upgrade to OpenEnterprise 3.3, Service Pack 5 (3.3.5).