

Rewterz Threat Advisory – ICS: Schneider Electric Interactive Graphical SCADA System (IGSS)
November 18, 2020
Rewterz Threat Alert – Common Raven – IOCs
November 19, 2020
Severity
Medium
Analysis Summary
CVE-2020-9049
The software does not perform, or incorrectly performs, an authorization check when an actor attempts to access a resource or perform an action. Successful exploitation of this vulnerability could allow an unauthenticated attacker on the network to create and sign their own JSON web token and use it to execute an HTTP API method without the need for valid authentication/authorization. Under certain circumstances, this could be used by an attacker to impact system availability by conducting a denial-of-service attack.
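An added example, not taken from the advisory or from the vendor's code: a server-side check that accepts a JSON web token only when it was signed with the server's own key and the caller's role permits the requested API method. The HS256 scheme, the key, the role table and the method names are assumptions, since the advisory does not describe how the product handles tokens.

```python
import base64, hashlib, hmac, json, time

# Assumptions (not from the advisory): HS256 tokens, a server-held secret,
# and a per-method role table. All names and values here are constructed.
SERVER_KEY = b"constructed-server-secret"
REQUIRED_ROLE = {"GET /api/status": "viewer", "POST /api/restart": "admin"}


def _b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64d(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))


def make_token(claims, key, alg="HS256"):
    """Build a constructed sample token for exercising authorize()."""
    head = _b64e(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = _b64e(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64e(sig)}"


def authorize(token, method, now=None):
    """Return (allowed, reason) for one API call carrying `token`."""
    try:
        head, body, sig = token.split(".")
        header, claims = json.loads(_b64d(head)), json.loads(_b64d(body))
        given = _b64d(sig)
    except ValueError:
        return False, "malformed token"
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return False, "malformed token"
    # Pin the algorithm on the server; the token header must not choose it.
    if header.get("alg") != "HS256":
        return False, "unexpected algorithm"
    # Recompute the MAC with the server key; other keys fail here.
    want = hmac.new(SERVER_KEY, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(given, want):
        return False, "bad signature"
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= (now or time.time()):
        return False, "expired or missing exp"
    # Authentication is not authorization: check the role per API method.
    need, roles = REQUIRED_ROLE.get(method), claims.get("roles")
    if need is None or not isinstance(roles, list) or need not in roles:
        return False, "not authorized for method"
    return True, "ok"
```

Methods missing from the role table are denied by default, so a newly added API endpoint stays closed until a role is assigned to it.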
Impact
Denial of service
Affected Vendors
Sensormatic Electronics
Affected Products
- All versions of victor Web Client up to and including v5.6
- All versions of C•CURE Web Client up to and including v2.90
Remediation
Users are advised to maintain product installations at the latest release. Latest updates and patches can be found at: