Rewterz

Rewterz Threat Advisory – CVE-2020-36176 – IThemes Security plugin for WordPress security bypass

January 8, 2021
Rewterz

Rewterz Threat Advisory – ICS: Omron CX-One Code Execution Vulnerabilities

January 8, 2021

Rewterz Threat Advisory – ICS: Delta Electronics CNCSoft-B

Severity

Medium

Analysis Summary

CVE-2020-27287

The affected product is vulnerable to an out-of-bounds write while processing project files, which may allow an attacker to execute arbitrary code. 

CVE-2020-27291

The affected product is vulnerable to an out-of-bounds read while processing project files, which may allow an attacker to execute arbitrary code. 

CVE-2020-27289

The affected product has a null pointer dereference issue while processing project files, which may allow an attacker to execute arbitrary code. 

CVE-2020-27293

The affected product has a type confusion issue while processing project files, which may allow an attacker to execute arbitrary code.

Impact

Execute arbitrary code

Affected Vendors

Delta Electronics

Affected Products

CNCSoft-B Versions 1.0.0.2 and prior

Remediation

Delta Electronics has released an updated version for CNCSoft-B and recommends users to install updated versions on all affected versions.

install v1.0.0.3

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.