Rewterz Threat Alert – Fake Zoom Installers Hiding Zapiz Backdoor and Devil Shadow
May 28, 2020
Rewterz Threat Advisory – CVE-2020-9046 – ICS: Johnson Controls Kantech EntraPass
May 28, 2020
Severity
High
Analysis Summary
CVE-2020-12004
The affected product lacks proper authentication required to query the server.
CVE-2020-10644
The affected product lacks proper validation of user-supplied data, which can result in deserialization of untrusted data.
CVE-2020-12000
The affected product mishandles serialized data. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data.
Impact
- Missing Authentication for Critical Function
- Deserialization of Untrusted Data
Affected Vendors
Inductive Automation
Affected Products
Inductive Automation Ignition 8 Gateway versions prior to 8.0.10
Remediation
Inductive Automation recommends upgrading the Ignition software to v8.0.10.