Rewterz

Rewterz Threat Advisory – CVE-2021-21366 – Node.js xmldom module security bypass

March 15, 2021
Rewterz

Rewterz Threat Alert – APT -28 Fancy Bear – Active IOCs

March 15, 2021

Rewterz Threat Advisory – ICS: Siemens SINEMA Remote Connect Server

Severity

Medium

Analysis Summary

CVE-2020-25239

The webserver could allow unauthorized actions via special URLs for unprivileged users. The settings of the Unified Management Component (UMC) authorization server could be changed to add a rogue server by an attacker authenticating with unprivileged user rights. 

CVE-2020-25240

Unprivileged users can access services when guessing the URL. An attacker could impact availability, integrity, and gain information from logs and templates of the service.

Impact

Allow authenticated privileges

Affected Vendors

Siemens

Affected Products

SINEMA Remote Connect Server: All versions prior to v3.0

Remediation

Siemens recommends updating to v3.0 or later

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.