Rewterz

Rewterz Threat Advisory – ICS: Schneider Electric Enerlin’X Com’X 510

June 18, 2021
Rewterz

Rewterz Threat Advisory – ICS: Siemens JT2Go Vulnerability

June 18, 2021

Rewterz Threat Advisory – ICS: Advantech WebAccess/SCADA

Severity

High

Analysis Summary

CVE-2021-32956

The affected product is vulnerable to redirection, which may allow an attacker to send a maliciously crafted URL that could result in redirecting a user to a malicious webpage. Successful exploitation of this vulnerability could allow an attacker to read files outside the intended directory or redirect a user to a malicious webpage.

CVE-2021-32954

The affected product is vulnerable to a directory traversal, which may allow an attacker to remotely read arbitrary files on the file system. Successful exploitation of this vulnerability could allow an attacker to read files outside the intended directory or redirect a user to a malicious webpage.

Impact

  • Relative Path Traversal
  • Open Redirect

Affected Vendors

Advantech

Affected Products

WebAccess/SCADA Versions 9.0.1 and prior

Remediation

Refer to vendor advisory for the complete list of affected products and their respective patches at
https://us-cert.cisa.gov/ics/advisories/icsa-21-168-03

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.