

Rewterz Threat Advisory – CVE-2019-6569 SIEMENS SCALANCE X – Expected Behavior Violation
March 28, 2019
CVE-2018-19282 Rockwell Automation PowerFlex 525 AC Drives
March 29, 2019
Severity
Low
Analysis Summary
- Cookie security is not enabled in the OfficeScan web console’s HTTP response.
- A possible zero-day vulnerability may allow an attacker to bypass unauthorized log-on protection and launch a Path Traversal Attack on the OfficeScan web console.
- The OfficeScan agent domain name in the Trend Micro Control Manager™ server web console is not updated promptly after the information is changed on the OfficeScan web console.
- An error that resulted from a previous action prevents the OfficeScan agent console from opening.
Impact
Security Bypass
Affected Vendors
Trend Micro
Affected Products
Trend Micro OfficeScan XG
Remediation
Apply osce_xg_sp1_win_en_criticalpatch_5338.exe