Rewterz

Rewterz Threat Advisory – CVE-2019-6569 SIEMENS SCALANCE X – Expected Behavior Violation

March 28, 2019
Rewterz

CVE-2018-19282 Rockwell Automation PowerFlex 525 AC Drives

March 29, 2019

Rewterz Threat Advisory – Trend Micro OfficeScan XG Security Bypass Vulnerability

Severity

Low

Analysis Summary

  • Cookie security is not enabled in the OfficeScan web console’s HTTP response.
  • A possible zero-day vulnerability may allow an attacker to bypass unauthorized log-on protection and launch a Path Traversal Attack on the OfficeScan web console.
  • The OfficeScan agent domain name in the Trend Micro Control Manager(TM) server web console is not updated promptly after the information is changed on the OfficeScan web console.
  • An error that resulted from a previous action prevents the OfficeScan agent console from opening.

Impact

Security Bypass

Affected Vendors

Trend Micro

Affected Products

Trend Micro OfficeScan XG

Remediation

Apply osce_xg_sp1_win_en_criticalpatch_5338.exe

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.