Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Severity
High
Analysis Summary
CVE-2018-14618
The HTTP client curl is vulnerable to a buffer overrun.
The vulnerability could be exploited by an attacker providing a malicious HTTP server. Successful exploitation requires no system privileges. User interaction by a legitimate use is required to exploit the vulnerability. An attacker could use the vulnerability to compromise confidentiality, integrity and availability of the affected device.
CVE-2018-16890
The HTTP client library libcurl is vulnerable to a heap buffer out-of-bounds read.
The vulnerability could be exploited by an attacker providing a malicious HTTP server. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the affected system.
CVE-2019-3822
The HTTP client library libcurl is vulnerable to a stack-based buffer overflow.
The vulnerability could be exploited by an attacker providing a malicious HTTP server. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise confidentiality, integrity and availability of the affected system.
CVE-2019-6570
Due to insufficient checking of user permissions, an attacker may access URLs that require special authorization.
The vulnerability could be exploited by an attacker with network access to the affected system. An attacker must have access to a low privileged account to exploit the vulnerability. An attacker could use the vulnerability to compromise confidentiality, integrity and availability of the affected system.
Impact
Affected Vendors
Siemens
Affected Products
Remediation
Vendor currently has updates for the following products:
SINEMA Remote Connect Client: Update to v2.0 HF1: https://support.industry.siemens.com/cs/de/en/view/109764829
SINEMA Remote Connect Server: Update to v2.0: https://support.industry.siemens.com/cs/de/en/view/109764829