Rewterz Threat Advisory – Multiple SAP NetWeaver AS JAVA Vulnerabilities
April 14, 2021
Rewterz Threat Advisory – Adobe Bridge code execution
April 14, 2021
Severity
High
Analysis Summary
CVE-2021-25668
The web server processes POST requests incorrectly, which may result in an out-of-bounds write in the heap, that is, a heap-based buffer overflow. An attacker can leverage this to cause denial-of-service (DoS) conditions and execute code remotely.
CVE-2021-25669
This buffer overflow is stack-based: incorrect processing of POST requests may write out of bounds on the stack. An attacker could leverage the vulnerability against the web server to cause denial-of-service (DoS) conditions and execute code remotely.
Impact
Remote Code Execution
Affected Vendors
Siemens
Affected Products
Web Server of SCALANCE X200
Remediation
Refer to the ICS advisory for the complete list of affected products, mitigation methods, and their respective patches.