Rewterz Threat Alert – SNAKE Ransomware – Active IOCs

September 6, 2021

Rewterz Threat Alert – Maze Ransomware – Active IOCs

September 6, 2021

Rewterz Threat Advisory – ICS: Advantech WebAccess BwFLApp Stack-based Buffer Overflow Remote Code Execution

September 6, 2021

Severity

High

Analysis Summary

CVE-2021-38408

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of IOCTL 0x2711, which can be used to invoke BwFLApp.exe. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the Administrator.

Impact

Code Execution
Unauthorized Access

Affected Vendors

Advantech

Affected Products

WebAccess: Versions 9.02 and prior

Remediation

Refer to ICS-CERT advisory for the complete list of affected products and their respective patches at

https://us-cert.cisa.gov/ics/advisories/icsa-21-245-03

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

GitHub Tools Deployed in CrazyHunter Ransomware Campaigns – Active IOCs

North Korean APT Kimsuky aka Black Banshee – Active IOCs

Sophisticated BPFDoor Malware Detected Targeting Linux Systems – Active IOCs

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Rewterz Threat Alert – SNAKE Ransomware – Active IOCs

Rewterz Threat Alert – Maze Ransomware – Active IOCs

The Wait Is Over!

The Rewterz Annual Threat Intelligence Report 2024 is finally here.