Rewterz Threat Alert – WSHRAT aka Houdini – Active IOCs
January 30, 2023Rewterz Threat Advisory – ICS: Delta Electronics InfraSuite Device Master Vulnerability
January 30, 2023Rewterz Threat Alert – WSHRAT aka Houdini – Active IOCs
January 30, 2023Rewterz Threat Advisory – ICS: Delta Electronics InfraSuite Device Master Vulnerability
January 30, 2023Severity
High
Analysis Summary
CVE-2021-44014 CVSS:7.8
Siemens JT2Go and Teamcenter Visualization could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free flaw in Jt1001.dll. By persuading a victim to open a specially-crafted JT file, an attacker could exploit this vulnerability to execute arbitrary code in the context of the current process.
CVE-2021-44002 CVSS:7.8
Siemens JT2Go and Teamcenter Visualization could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write flaw in Jt1001.dll. By persuading a victim to open a specially-crafted PDF file, an attacker could exploit this vulnerability to execute arbitrary code in the context of the current process.
Impact
- Code Execution
Indicators Of Compromise
CVE
- CVE-2021-44014
- CVE-2021-44002
Affected Vendors
Siemens
Affected Products
- Siemens JT2Go 13.2.0
- Siemens Teamcenter Visualization 13.2.0
Remediation
Refer to Siemens Security Advisory for patch, upgrade or suggested workaround information.