Rewterz Threat Advisory – CVE-2020-9050 – ICS: Johnson Controls Metasys Reporting Engine (MRE) Web Services
February 19, 2021Rewterz Threat Alert – Bitter APT Group – IOCs
February 19, 2021Rewterz Threat Advisory – CVE-2020-9050 – ICS: Johnson Controls Metasys Reporting Engine (MRE) Web Services
February 19, 2021Rewterz Threat Alert – Bitter APT Group – IOCs
February 19, 2021Severity
Medium
Analysis Summary
CVE-2021-22697, CVE-2021-22698
When a malicious SSD file is uploaded and improperly parsed, an attacker could cause a use-after-free condition or stack-based buffer overflow resulting in remote code execution.
Impact
Remote code execution
Affected Vendors
Schneider Electric
Affected Products
EcoStruxure Power Build-Rapsody
Remediation
Refer to vendor advisory for the complete list of affected products and their respective patches.
https://www.se.com/ww/en/download/document/SEVD-2021-012-01/