Rewterz

Multiple Oracle Products Vulnerabilities

October 23, 2024
Rewterz

Latrodectus and Bumblebee Malware Reappear with Advanced Phishing Techniques – Active IOCs

October 23, 2024

ICS: Multiple Schneider Electric Data Center Expert Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2024-8530 CVSS:5.9

Schneider Electric Data Center Expert could allow a remote attacker to obtain sensitive information, caused by a missing authentication for critical function vulnerability. By accessing an already generated “logcaptures” archive directly using HTTPS, an attacker could exploit this vulnerability to obtain private data.

CVE-2024-8531 CVSS:7.2

Improper Verification of Cryptographic Signature vulnerability exists that could compromise the Data Center Expert software when an upgrade bundle is manipulated to include arbitrary bash scripts that are executed as root.

Impact

  • Information Theft
  • Data Manipulation

Indicators of Compromise

CVE

  • CVE-2024-8530
  • CVE-2024-8531

Affected Vendors

Schneider Electric

Affected Products

  • Schneider Electric Data Center Expert - Versions 8.1.1.3 and prior

Remediation

Refer to Schneider Electric Security Advisory for patch, upgrade or suggested workaround information.

Schneider Electric Security Advisory

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.