Rewterz Threat Advisory – ICS: Siemens RUGGEDCOM Vulnerability
July 15, 2022Rewterz Threat Advisory –CVE-2022-2399 – Google Chrome WebGPU Vulnerability
July 15, 2022Rewterz Threat Advisory – ICS: Siemens RUGGEDCOM Vulnerability
July 15, 2022Rewterz Threat Advisory –CVE-2022-2399 – Google Chrome WebGPU Vulnerability
July 15, 2022Severity
Medium
Analysis Summary
CVE-2022-34467 CVSS:6.5
Siemens Mendix Excel Importer Module is vulnerable to a denial of service, caused by an XML entity expansion vulnerability. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service.
CVE-2022-34466 CVSS:6.5
Siemens Mendix Applications using Mendix 9 could allow a remote authenticated attacker to obtain sensitive information, caused by an expression injection vulnerability in the Workflow processing. By using the Workflow visual language, an attacker could exploit this vulnerability to obtain sensitive information and use this information to launch further attacks against the affected system.
Impact
- Denial of Service
- Information Disclosure
Indicators Of Compromise
CVE
- CVE-2022-34467
- CVE-2022-34466
Affected Vendors
Siemens
Affected Products
- Siemens Mendix Excel Importer Module (Mendix 8 compatible) 9.2.1
- Siemens Mendix Excel Importer Module (Mendix 9 compatible) 10.1.1
- Siemens Mendix Applications using Mendix 9 9.11
- Siemens Mendix Applications using Mendix 9 9.12.2
Remediation
Refer to Siemens Security Advisory for patch, upgrade or suggested workaround information.