Rewterz

Rewterz Threat Advisory – ICS: Schneider Electric EcoStruxure Operator Terminal Expert

May 26, 2020
Rewterz

Rewterz Threat Alert – Fake Zoom Installers Hiding Zapiz Backdoor and Devil Shadow

May 28, 2020

Rewterz Threat Advisory – CVE-2020-8482 – ICS: ABB Device Library Wizard Information Disclosure Vulnerability

Severity

Medium

Analysis Summary

A vulnerability exists in Device Library Wizard in the affected product versions listed. It creates a file that contains confidential data that could be read by low privileged users. This could allow the attacker to take control of one or multiple system nodes.

Impact

Exposure of sensitive data

Affected Vendors

ABB

Affected Products

  • ABB Device Library Wizard versions 6.0.X
  • ABB Device Library Wizard versions 6.0.3.1
  • ABB Device Library Wizard versions 6.0.3.2

Remediation

ABB recommends that customers apply the update,

  • Device Library Wizard version 6.0.3.2 RU1
  • Device Library Wizard version 6.0.3.3
  • Device Library Wizard version 6.1.X onwards

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.