Rewterz

Rewterz Threat Advisory – ICS: MOXA NPort IAW5000A-I/O Series Multiple Vulnerabilities

October 14, 2020
Rewterz

Rewterz Threat Advisory – CVE-2020-7591 – ICS: Siemens SIPORT MP Multiple Vulnerabilities

October 14, 2020

Rewterz Threat Advisory – ICS: Siemens Desigo Insight

Severity

Medium

Analysis Summary

CVE-2020-15792 

The web service does not properly apply input validation for some query parameters, which may allow an attacker to retrieve data via a content based blind SQL injection attack. 

CVE-2020-15793

The affected product is vulnerable to clickjacking, which may allow an attacker to retrieve or modify data in the context of a legitimate user by tricking that user to click on a website controlled by the attacker. 

CVE-2020-15794

The affected product is vulnerable to exposure of sensitive information, which may allow an attacker to retrieve additional information about the host system.

Impact

  • SQL Injection
  • Exposure of Sensitive Information

Affected Vendors

Siemens

Affected Products

Desigo Insight: All versions

Remediation

Siemens recommends users to Update to v6.0 SP5

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.