

Rewterz Threat Advisory – Prima Systems FlexAir Multiple Vulnerabilities
August 1, 2019
Rewterz Threat Advisory – CVE 2019-10974 – NREL EnergyPlus Denial of Service Vulnerability
August 1, 2019
Severity
Medium
Analysis Summary
CVE-2019-10976
This vulnerability is triggered when input passed to the XML parser is not sanitized while parsing the XML project and/or template file (.frc2). Once a user opens the file, the attacker could read arbitrary files.
CVE-2019-10972
This vulnerability can be triggered when an attacker provides the target with a rogue project file (.frc2). Once a user opens the rogue project, CPU exhaustion occurs, which causes the software to quit responding until the application is restarted.
Impact
Uncontrolled Resource Consumption
Affected Vendors
Mitsubishi Electric
Affected Products
Mitsubishi Electric FR Configurator2 Version 1.16S and prior
Remediation
Mitsubishi Electric has released Version 1.17T for the reported vulnerabilities.
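Until Version 1.17T is installed, project files received from outside can be screened before anyone opens them. The following is an added example, not code from Rewterz or Mitsubishi Electric: it flags DOCTYPE and entity declarations, the XML constructs commonly behind file-read and CPU-exhaustion parser issues. It assumes the .frc2 content is available as plain XML bytes and that these constructs are the relevant ones (the advisory does not name them); the function name and sample documents are constructed for illustration.

```python
import xml.parsers.expat


class _Stop(Exception):
    """Raised inside a handler to abort parsing at the first risky construct."""


def screen_project_xml(data: bytes) -> str:
    """Return clean, doctype, internal-entity, external-entity or malformed."""
    state = {"verdict": "clean"}

    def on_doctype(name, sysid, pubid, has_internal_subset):
        state["verdict"] = "doctype"

    def on_entity(name, is_param, value, base, sysid, pubid, notation):
        # value is None when the entity is external (SYSTEM/PUBLIC identifier).
        state["verdict"] = "external-entity" if value is None else "internal-entity"
        raise _Stop  # abort before any reference to the entity is expanded

    parser = xml.parsers.expat.ParserCreate()
    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    try:
        parser.Parse(data, True)
    except _Stop:
        pass
    except xml.parsers.expat.ExpatError:
        state["verdict"] = "malformed"
    return state["verdict"]


# Constructed sample documents (element names are hypothetical, not the real schema).
PLAIN = b'<?xml version="1.0"?><Project><Inverter model="sample"/></Project>'
INTERNAL = b'<!DOCTYPE Project [<!ENTITY a "x">]><Project>&a;</Project>'
EXTERNAL = b'<!DOCTYPE Project [<!ENTITY e SYSTEM "placeholder.txt">]><Project>&e;</Project>'
DOCTYPE_ONLY = b'<!DOCTYPE Project SYSTEM "placeholder.dtd"><Project/>'
TRUNCATED = b'<Project>'

if __name__ == "__main__":
    for label, doc in [("plain", PLAIN), ("internal", INTERNAL),
                       ("external", EXTERNAL), ("doctype", DOCTYPE_ONLY),
                       ("truncated", TRUNCATED)]:
        print(f"{label:10s} -> {screen_project_xml(doc)}")
```

Any verdict other than clean is a reason to hold the file for review rather than open it in an unpatched installation.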