Rewterz Threat Advisory – ICS: Hitachi Energy MicroSCADA Pro X SYS600 Vulnerabilities

November 15, 2022

Rewterz Threat Advisory – ICS: Delta Electronics DIAEnergie Vulnerabilities

November 16, 2022

Rewterz Threat Advisory – Multiple Zimbra Collaboration Vulnerabilities

November 15, 2022

Severity

Medium

Analysis Summary

CVE-2022-41348 CVSS:6.1
Zimbra Collaboration is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the onerror attribute of an IMG element. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute a script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.

CVE-2022-41349 CVSS:6.1
Zimbra Collaboration is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the /h/compose endpoint. A remote attacker could exploit this vulnerability using the attachUrl parameter in a specially-crafted URL to execute a script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.

CVE-2022-41350 CVSS:6.1
Zimbra Collaboration is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the /h/search?action=voicemail&action=listen endpoint. A remote attacker could exploit this vulnerability using the phone parameter in a specially-crafted URL to execute a script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.

CVE-2022-41351 CVSS:6.1
Zimbra Collaboration is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the /h/calendar. A remote attacker could exploit this vulnerability using the view parameter in a specially-crafted URL to execute a script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.

Impact

Cross-Site Scripting

Indicators Of Compromise

CVE

CVE-2022-41348
CVE-2022-41349
CVE-2022-41350
CVE-2022-41351

Affected Vendors

Zimbra

Affected Products

Zimbra Collaboration 9.0
Zimbra Collaboration 8.8.15

Remediation

Upgrade to the latest version of Zimbra Collaboration, available from the Zimbra Website.
Zimbra Website

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

GitHub Tools Deployed in CrazyHunter Ransomware Campaigns – Active IOCs

North Korean APT Kimsuky aka Black Banshee – Active IOCs

Sophisticated BPFDoor Malware Detected Targeting Linux Systems – Active IOCs

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Rewterz Threat Advisory – ICS: Hitachi Energy MicroSCADA Pro X SYS600 Vulnerabilities

Rewterz Threat Advisory – ICS: Delta Electronics DIAEnergie Vulnerabilities

The Wait Is Over!

The Rewterz Annual Threat Intelligence Report 2024 is finally here.