Rewterz

Rewterz Threat Advisory – ICS: Rockwell Automation EDS Subsystem Denial of Service Vulnerability

May 20, 2020
Rewterz

Rewterz Threat Alert – Self-Hiding Eleethub Mining Botnet

May 20, 2020

Rewterz Threat Advisory – ICS: Emerson OpenEnterprise Multiple Vulnerabilities

Severity

High

Analysis Summary

CVE-2020-10640

The affected components may allow an attacker to run an arbitrary commands with system privileges or perform remote code execution via a specific communication service. 

CVE-2020-10632

Inadequate folder security permissions may allow modification of important configuration files, which could cause the system to fail or behave in an unpredictable manner.

CVE-2020-10636

Inadequate encryption may allow the passwords for OpenEnterprise user accounts to be obtained.

Impact

  • Missing Authentication for Critical Function
  • Improper Ownership Management
  • Inadequate Encryption Strength

Affected Vendors

Emerson

Affected Products

OpenEnterprise all versions through 3.3.4

Remediation

Emerson recommends all users upgrade to OpenEnterprise 3.3, Service Pack 5 (3.3.5).

Emerson SupportNet

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.