Rewterz

Rewterz Threat Alert – Lazarus FastCash – IOCs

May 20, 2020
Rewterz

Rewterz Threat Advisory – ICS: Emerson OpenEnterprise Multiple Vulnerabilities

May 20, 2020

Rewterz Threat Advisory – ICS: Rockwell Automation EDS Subsystem Denial of Service Vulnerability

Severity

High

Analysis Summary

CVE-2020-12038

A memory corruption vulnerability exists in the algorithm that matches square brackets in the EDS subsystem. This may allow an attacker to craft specialized EDS files to crash the EDSParser COM object, leading to denial-of-service conditions.

CVE-2020-12034 

The EDS subsystem does not provide adequate input sanitization, which may allow an attacker to craft specialized EDS files to inject SQL queries and manipulate the database storing the EDS files. This can lead to denial-of-service conditions.

Impact

Denial of Service

Affected Vendors

Rockwell Automation

Affected Products

  • FactoryTalk Linx software Versions 6.00, 6.10 and 6.11
  • RSLinx Classic: Version 4.11.00 and prior
  • RSNetWorx software: Version 28.00.00 and prior
  • Studio 5000 Logix Designer software Version 32 and prior

Remediation

Rockwell Automation has released a patch.

Follow the instructions in knowledge base article RAid 1125928

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.