Rewterz Threat Alert – APT C-35 (Donot Team) Android APK Sample
November 18, 2020Rewterz Threat Advisory – CVE-2020-9049 – ICS: Johnson Controls Sensormatic Electronics American Dynamics victor Web Client
November 18, 2020Rewterz Threat Alert – APT C-35 (Donot Team) Android APK Sample
November 18, 2020Rewterz Threat Advisory – CVE-2020-9049 – ICS: Johnson Controls Sensormatic Electronics American Dynamics victor Web Client
November 18, 2020Severity
Medium
Analysis Summary
CVE-2020-7550, CVE-2020-7551, CVE-2020-7552, CVE-2020-7553, CVE-2020-7554, CVE-2020-7555, CVE-2020-7556, CVE-2020-7557, CVE-2020-7558
An improper restriction of operations within the bounds of a memory buffer vulnerability could cause remote code execution when a malicious CGF (Configuration Group File) is imported to IGSS Definition.
Impact
Remote code execution
Affected Vendors
Schneider Electric
Affected Products
IGSS Definition (Def.exe) Version 14.0.0.20247 and prior
Remediation
Schneider Electric has provided a new version of the IGSS Definition module to address these vulnerabilities. Users are recommended to update to IGSS Version 14.0.0.20248