March 22, 2024

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]

March 22, 2024

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Severity High Analysis Summary Turla, a Russian espionage threat actor, infected and compromised many systems of an unknown non-governmental organization (NGO) in Europe by deploying a […]

March 22, 2024

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Severity Low Analysis Summary CVE-2024-26246 Microsoft Edge (Chromium-based) could allow a physical authenticated attacker to bypass security restrictions. An attacker could exploit this vulnerability to bypass […]

March 22, 2024

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]

March 22, 2024

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Severity High Analysis Summary Turla, a Russian espionage threat actor, infected and compromised many systems of an unknown non-governmental organization (NGO) in Europe by deploying a […]

March 22, 2024

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Rewterz Threat Advisory –Multiple Juniper Networks Junos OS and Junos OS Evolved Vulnerabilities

January 16, 2023

Rewterz Threat Advisory – ICS: Siemens JT Open Toolkit, JT Utilities, and Solid Edge Vulnerability

January 16, 2023

Rewterz Threat Advisory – ICS: Multiple Hitachi Energy Vulnerabilities

January 16, 2023

Severity

High

Analysis Summary

CVE-2022-2155 CVSS:5.7

Hitachi Energy Lumada APM could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw in the access control mechanism implementation on the Limited Engineer role. By sending a specially crafted request, an attacker could exploit this vulnerability to access to any installed Power BI reports and manipulate asset data.

CVE-2022-3929 CVSS:8.3

Hitachi Energy FOXMAN-UN and UNEM could allow a local attacker to obtain sensitive information, caused by cleartext transmission of sensitive information. A local attacker could exploit this vulnerability to obtain sensitive information.

CVE-2021-40342 CVSS:7.1

Hitachi Energy FOXMAN-UN and UNEM could allow a local attacker to obtain sensitive information, caused by using a DES implementation with a default key for encryption. A local attacker could exploit this vulnerability to obtain sensitive information.

CVE-2021-40341 CVSS:7.1

Hitachi Energy FOXMAN-UN and UNEM could allow a local attacker to obtain sensitive information, caused by using the DES cypher to encrypt user credentials. A local attacker could exploit this vulnerability to obtain sensitive information.

CVE-2022-3927 CVSS:8

Hitachi Energy FOXMAN-UN and UNEM could provide weaker than expected security, caused by the use of hard-coded cryptographic Key. A remote authenticated attacker could exploit this vulnerability to change the CPS file and sign it.

Impact

Security Bypass
Information Disclosure
Data Manipulation

Indicators Of Compromise

CVE

CVE-2022-2155
CVE-2022-3929
CVE-2021-40342
CVE-2021-40341
CVE-2022-3927

Affected Vendors

Hitachi Energy

Affected Products

Hitachi Energy Lumada APM 6.4.220601.0 SaaS
Hitachi Energy Lumada APM 6.4.0 On Premises
Hitachi Energy FOXMAN-UN R16AHitachi Energy FOXMAN-UN R15B
Hitachi Energy FOXMAN-UN R15AHitachi Energy FOXMAN-UN R14B
Hitachi Energy UNEM R9CHitachi Energy UNEM R15A
Hitachi Energy UNEM R10CHitachi Energy UNEM R11B
Hitachi Energy UNEM R14AHitachi Energy UNEM R11A
Hitachi Energy UNEM R14BHitachi Energy UNEM R15B
Hitachi Energy UNEM R16AHitachi Energy FOXMAN-UN R9C
Hitachi Energy FOXMAN-UN R10CHitachi Energy FOXMAN-UN R11A
Hitachi Energy FOXMAN-UN R11BHitachi Energy FOXMAN-UN R14A

Remediation

Refer to Hitachi Energy Advisory for patch, upgrade or suggested workaround information.

Hitachi Energy Lumada APM

Hitachi Energy FOXMAN-UN and Hitachi Energy UNEM

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Rewterz Threat Advisory –Multiple Juniper Networks Junos OS and Junos OS Evolved Vulnerabilities

Rewterz Threat Advisory – ICS: Siemens JT Open Toolkit, JT Utilities, and Solid Edge Vulnerability