Rewterz

Rewterz Threat Alert – Latest Emotet IOCs

June 26, 2020

Malware Analysis – Malicious Macros

June 26, 2020

Rewterz Threat Advisory – ICS: Rockwell FactoryTalk View SE

Severity

High

Analysis Summary

CVE-2020-14481

The DeskLock tool provided with FactoryTalk View SE uses a weak encryption algorithm that may allow a local, authenticated attacker to decipher user credentials, including the Windows user or Windows DeskLock passwords. If the compromised user has an administrative account, an attacker could gain full access to the user’s operating system and certain components of FactoryTalk View SE.

CVE-2020-14480

Due to usernames/passwords being stored in plaintext in Random Access Memory (RAM), a local, authenticated attacker could gain access to certain credentials, including Windows Logon credentials.

Impact

  • Plaintext Storage of Sensitive Information
  • Weak Encoding for Password

Affected Vendors

Rockwell Automation

Affected Products

FactoryTalk View SE Versions 9.0 and earlier
FactoryTalk View SE Version 10.0

Remediation

Users of the affected versions of DeskLock provided with FactoryTalk View SE can update to v10.0 or later.

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.