Severity
High
Analysis Summary
CVE-2022-24661
Siemens Simcenter STAR-CCM+ Viewer could allow a remote attacker to execute arbitrary code on the system, caused by memory corruption in the starview+.exe file. By persuading a victim to open a specially crafted .SCE file, an attacker could exploit this vulnerability to execute arbitrary code on the system in the context of the current process.
CVE-2021-44478
Siemens Polarion Subversion Webclient is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVE-2022-25311
Siemens SINEC NMS could allow a local authenticated attacker to gain elevated privileges on the system, caused by the failure to check privileges between users during the same web browser session. By sending a specially-crafted request, an attacker could exploit this vulnerability to achieve privilege escalation.
Impact
- Code Execution
- Cross-Site Scripting
- Privilege Escalation
Indicators Of Compromise
CVE
- CVE-2022-24661
- CVE-2021-44478
- CVE-2022-25311
Affected Vendors
Siemens
Affected Products
- Siemens Simcenter STAR-CCM+ Viewer 2021.2.0
- Siemens Simcenter STAR-CCM+ Viewer 2021.1
- Siemens Polarion Subversion Webclient 21 R1
- Siemens SINEC NMS
Remediation
Refer to Siemens Security Advisory SSA-166747 for patch, upgrade or suggested workaround information.