November 20, 2023
Severity Medium Analysis Summary Agent Tesla is a very popular spyware Trojan built for the.NET framework. Since its initial appearance in 2014, this has been deployed […]
Rewterz Threat Advisory – CVE-2019-10915 – Siemens TIA Administrator (TIA Portal) Improper Access Control Vulnerability
July 12, 2019Rewterz Threat Advisory – CVE-2019-6827 – Schneider Electric Interactive Graphical SCADA System
July 12, 2019Rewterz Threat Advisory – CVE-2019-10915 – Siemens TIA Administrator (TIA Portal) Improper Access Control Vulnerability
July 12, 2019Rewterz Threat Advisory – CVE-2019-6827 – Schneider Electric Interactive Graphical SCADA System
July 12, 2019
Severity
Medium
Analysis Summary
CVE-2011-3389
The SSL protocol encrypts data by using CBC mode with chained initialization vectors, which may allow a man-in-the-middle attack to obtain plaintext HTTP headers.
CVE-2016-6329
Long-duration TLS sessions used with a 64-bit block cipher may allow remote attackers to obtain cleartext data.
CVE-2013-0169
Outdated versions of TLS and DTLS allow statistical analysis of timing data for crafted packets, which may allow remote attackers to conduct distinguishing and plaintext-recovery attacks.
Impact
Improper Input Validation
Affected Vendors
Siemens
Affected Products
- Siemens RF615R
- Siemens RF68XR
Remediation
Siemens recommends users upgrade to Version 3.2.1 or newer for both affected products.