Rewterz

Rewterz Threat Advisory – Delta Industrial Automation CNCSoft Multiple Vulnerabilities

April 17, 2019
Rewterz

Rewterz Threat Advisory – CVE-2019-10953 – PLC Cycle Time Influences Resource Consumption Vulnerability

April 17, 2019

Rewterz Threat Advisory – CVE-2019-10712 – WAGO Series 750-88x and 750-87x Undocumented Service Access Vulnerability

Severity

High

Analysis Summary

By exploiting the undocumented service access, it is possible to change the settings of a device and access web-based management with administrator privileges. An attacker can exploit this vulnerability to lock other users out from the device or open closed network ports. It is also possible to use this service access as an FTP user and exchange or delete the application.

Impact

Use of hard coded credentials

Affected Vendors

WAGO

Affected Products

Series 750-88x and 750-87x

Remediation

Vendor recommends updating to the newest firmware and taking the following defensive measures:

  • Restrict network access to the web server.
  • Restrict network access to the device.
  • Do not directly connect the device to the Internet.

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.