Rewterz Threat Advisory – ICS: Johnson Controls Metasys ADX Server Vulnerability

October 5, 2022

Rewterz Threat Advisory – ICS: Horner Automation Cscape Vulnerability

October 5, 2022

Rewterz Threat Advisory – ICS: Hitachi Energy Modular Switchgear Monitoring Vulnerability

October 5, 2022

Severity

High

Analysis Summary

CVE-2021-40335 CVSS:5

The affected product is vulnerable to cross site request forgery (CSRF), which if exploited could lead an attacker to gain unauthorized access to the web application and perform an unauthorized action without the knowledge of the legitimate user.

CVE-2021-40336 CVSS:5

The affected product is vulnerable to HTTP response splitting, which if exploited, could lead an attacker to inject harmful code into the user’s web browser for purposes such as stealing session cookies.

Impact

Cross-Site Scripting

Indicators Of Compromise

CVE

CVE-2021-40335
CVE-2021-40336

Affected Vendors

Hitachi Energy

Affected Products

MSM version 2.2 and prior

Remediation

Refer to CISA-CERT Advisory for the patch, upgrade, or suggested workaround information.
CISA-CERT Advisory

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

GitHub Tools Deployed in CrazyHunter Ransomware Campaigns – Active IOCs

North Korean APT Kimsuky aka Black Banshee – Active IOCs

Sophisticated BPFDoor Malware Detected Targeting Linux Systems – Active IOCs

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Rewterz Threat Advisory – ICS: Johnson Controls Metasys ADX Server Vulnerability

Rewterz Threat Advisory – ICS: Horner Automation Cscape Vulnerability

The Wait Is Over!

The Rewterz Annual Threat Intelligence Report 2024 is finally here.