Rewterz Threat Alert – Hackers Leverage Insecure VPN Profile to Breach Avast Antivirus Network
October 22, 2019Rewterz Threat Advisory – Multiple Vulnerabilities in Mozilla Firefox
October 23, 2019Rewterz Threat Alert – Hackers Leverage Insecure VPN Profile to Breach Avast Antivirus Network
October 22, 2019Rewterz Threat Advisory – Multiple Vulnerabilities in Mozilla Firefox
October 23, 2019Severity
Medium
Analysis Summary
CVE-2019-6823
A code injection vulnerability could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system.
CVE-2019-6824
A buffer error vulnerability could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system.
CVE-2019-6825
An uncontrolled search path element vulnerability could allow a malicious DLL file with the same name of any resident DLLs inside the software installation to execute arbitrary code.
Impact
- Code Injection
- Improper Restriction of Operations within the Bounds of a Memory Buffer
- Uncontrolled Search Path Element
Affected Vendors
Schneider Electric
Affected Products
ProClima all versions prior to 8.0.0
Remediation
Schneider Electric has released Version 8.0.0 of ProClima and recommends users upgrade to this version or newer.