Rewterz

Rewterz Threat Advisory – Multiple Oracle MySQL Vulnerabilities

April 22, 2021
Rewterz

Rewterz Threat Advisory – Junos OS Remote Code Execution Vulnerability

April 22, 2021

Rewterz Threat Advisory – CVE-2021-27394 – ICS: Siemens Mendix

Severity

Medium

Analysis Summary

CVE-2021-27394

Authenticated, non-administrative users could modify their privileges by manipulating the user role under certain circumstances, allowing them to gain administrative privileges.Successful exploitation of this vulnerability could allow a non-administrative user to gain administrative privileges.

Impact

  • Privilege access
  • Improper Privilege Management

Affected Vendors

Siemens

Affected Products

  • Mendix Applications using Mendix 7 All versions prior to v7.23.19
  • Mendix Applications using Mendix 8 All versions prior to v8.17.0
  • Mendix Applications using Mendix 8 (v8.12) All versions prior to v8.12.5
  • Mendix Applications using Mendix 8 (v8.6) All versions prior to v8.6.9
  • Mendix Applications using Mendix 9 All versions prior to v9.0.5

Remediation

Refer to ICS advisory for the complete list of affected products and their respective patches.

https://us-cert.cisa.gov/ics/advisories/icsa-21-110-07

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.