Rewterz

Rewterz Threat Advisory – ICS: Advantech WebAccess HMI Designer

August 10, 2020
Rewterz

Rewterz Threat Alert – Latest Emotet IOCs

August 10, 2020

Rewterz Threat Advisory – ICS: Delta Industrial Automation TPEditor

Severity

Medium

Analysis Summary

CVE-2020-16219

An out-of-bounds read may be exploited by processing specially crafted project files. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application.

CVE-2020-16221

A stack-based buffer overflow may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application. 

CVE-2020-16223

A heap-based buffer overflow may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application. 

CVE-2020-16225

A write-what-where condition may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application.

CVE-2020-16227

An improper input validation may be exploited by processing a specially crafted project file not validated when the data is entered by a user. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application.

Impact

  • Execute arbitrary code
  • Exposure of sensitive data 
  • Application crash

Affected Vendors

Delta Electronics

Affected Products

TPEditor Versions 1.97 and prior

Remediation

Delta Electronics recommends affected users update to the latest version.

Version 1.98

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.