Rewterz

Rewterz Threat Alert – Hackers Leverage Insecure VPN Profile to Breach Avast Antivirus Network

October 22, 2019
Rewterz

Rewterz Threat Advisory – Multiple Vulnerabilities in Mozilla Firefox

October 23, 2019

Rewterz Threat Advisory – ICS: Schneider Electric ProClima Multiple Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2019-6823

A code injection vulnerability could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system.

CVE-2019-6824

A buffer error vulnerability could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system.

CVE-2019-6825

An uncontrolled search path element vulnerability could allow a malicious DLL file with the same name of any resident DLLs inside the software installation to execute arbitrary code.

Impact

  • Code Injection
  • Improper Restriction of Operations within the Bounds of a Memory Buffer
  • Uncontrolled Search Path Element

Affected Vendors

Schneider Electric

Affected Products

ProClima all versions prior to 8.0.0

Remediation

Schneider Electric has released Version 8.0.0 of ProClima and recommends users upgrade to this version or newer.

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.