Rewterz Threat Advisory – CVE-2019-13517 – BD Pyxis Privilege Access Vulnerability
September 6, 2019
Rewterz Threat Alert – Phishing Emails Are Using SharePoint to Attack Banks
September 6, 2019
Severity
Medium
Analysis Summary
CVE-2019-10996
Multiple vulnerabilities can be exploited when a valid user opens a specially crafted, malicious input file that can reference memory after it has been freed.
CVE-2019-10978
Multiple vulnerabilities can be exploited when a valid user opens a specially crafted, malicious input file that operates outside of the designated memory area.
CVE-2019-10984
Multiple vulnerabilities can be exploited when a valid user opens a specially crafted, malicious input file that causes the program to mishandle pointers.
CVE-2019-10990
Crimson uses a hard-coded password to encrypt protected files in transit and at rest, which may allow an attacker to access configuration files.
Impact
- Use of Hard-coded Cryptographic Key
- Use After Free
- Improper Restriction of Operations within the Bounds of a Memory Buffer
Affected Vendors
Red Lion Controls
Affected Products
- Crimson Versions 3.0 and prior
- Crimson Version 3.1, prior to release 3112.00
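A triage check for the affected releases listed above, as an added example that is not code from Rewterz or Red Lion Controls. It assumes an asset inventory that records each install's Crimson version and release as strings; the host names, field layout and sample rows are constructed, and anything the check cannot parse is flagged for manual review rather than treated as safe.

```python
import re
from typing import NamedTuple

FIXED_RELEASE = (3112, 0)  # Crimson 3.1 release 3112.00, from the advisory

class Finding(NamedTuple):
    host: str
    status: str  # "affected", "fixed" or "review"
    reason: str

def _nums(text):
    """Parse '3.1' or '3112.00' into a two-int tuple; None if not numeric."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        return None
    parts = tuple(int(p) for p in text.split("."))
    return (parts + (0,))[:2]

def triage(host, version, release=""):
    """Classify one install against the advisory's affected ranges."""
    ver = _nums(version)
    if ver is None:
        return Finding(host, "review", f"unparseable version {version!r}")
    if ver <= (3, 0):
        return Finding(host, "affected", "Crimson 3.0 or prior")
    if ver > (3, 1):
        return Finding(host, "review", "version not covered by the advisory")
    rel = _nums(release)
    if rel is None:
        return Finding(host, "review", "Crimson 3.1 with unknown release")
    if rel < FIXED_RELEASE:
        return Finding(host, "affected", f"3.1 release {release} < 3112.00")
    return Finding(host, "fixed", f"3.1 release {release} >= 3112.00")

# Constructed sample inventory rows: (host, version, release). Not real data.
INVENTORY = [
    ("hmi-01", "3.0", "707.000"),
    ("hmi-02", "3.1", "3106.00"),
    ("hmi-03", "3.1", "3112.00"),
    ("eng-ws", "3.1", ""),
]

def report(inventory):
    """Return one Finding per inventory row."""
    return [triage(*row) for row in inventory]

if __name__ == "__main__":
    for f in report(INVENTORY):
        print(f"{f.host:8} {f.status:9} {f.reason}")
```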
Remediation
- Red Lion Controls recommends users migrate to Crimson 3.1 release 3112.00 or later where the model choice allows. Updated software can be found at the following link: