Rewterz

Rewterz Threat Alert – Trickbot – IOCs

December 30, 2020
Rewterz

Rewterz Threat Advisory – Apache Cassandra directory traversal

December 31, 2020

Rewterz Threat Advisory – CVE-2020-5802 – Rockwell Automation FactoryTalk denial of service

Severity

High

Analysis Summary

CVE-2020-5802

Rockwell Automation FactoryTalk is vulnerable to a denial of service, caused by an unhandled exception in RSLinxNG.exe when memory allocation size is passed to the C++ new operator in RnaDaSvr.dll. By sending a specially-crafted ConfigureItems message to TCP prot 4241, a remote attacker could exploit this vulnerability to cause RSLinxNG.exe to crash, and results in a denial of service condition.

Impact

Denial of service

Affected Vendors

Rockwell Automation

Affected Products

Rockwell Automation FactoryTalk Linx 6.11

Remediation

Users are advised to visit the following advised mitigations.

https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1129496

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.