Rewterz Threat Alert – APT Groups Kimsuky Konni targets SouthEast Asia
December 2, 2020Rewterz Threat Advisory – Linux Kernel Privilege Escalation
December 2, 2020Rewterz Threat Alert – APT Groups Kimsuky Konni targets SouthEast Asia
December 2, 2020Rewterz Threat Advisory – Linux Kernel Privilege Escalation
December 2, 2020Severity
Medium
Analysis Summary
CVE-2020-7544
An improper privilege management vulnerability exists that could cause privilege escalation on the workstation when interacting directly with a driver installed by the runtime software of EcoStruxure Operator Terminal Expert.
Impact
- Command execution
- Loss of availability, confidentiality, and integrity of system
Affected Vendors
Schneider Electric
Affected Products
EcoStruxure Operator Terminal Expert
Remediation
Refer to ICS advisory for the complete list of affected products.
https://us-cert.cisa.gov/ics/advisories/icsa-20-336-01
Schneider Electric has prepared Version 3.1 Service Pack 1B of the EcoStruxure Operator Terminal Expert