

Rewterz Threat Advisory – ICS: Rockwell Automation ISaGRAF Vulnerability
March 31, 2022
Rewterz Threat Update – LAPSUS$ Ransomware Group Breaches Globant
March 31, 2022
Severity
Medium
Analysis Summary
CVE-2021-40337 – CVSS: 4.2
Multiple stored XSS vulnerabilities exist in the LinkOne application, allowing multiple web attacks and the theft of sensitive information.
CVE-2021-40338 – CVSS: 3.7
When an error occurs during a query operation, a misconfiguration in the web server configuration file activates debug mode in the LinkOne application, which then shows the full path of the directory.
CVE-2021-40339 – CVSS: 3.7
The LinkOne application lacks HTTP headers, allowing an attacker to retrieve sensitive information.
CVE-2021-40340 – CVSS: 3.7
A misconfiguration in the ASP server causes server and ASP.NET information to be shown. An attacker can use this information for reconnaissance ahead of further exploitation.
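A defensive check for the response-level exposures described under CVE-2021-40338, CVE-2021-40339 and CVE-2021-40340, added here as an example; it is not part of the advisory or the vendor's code. The function name `audit_response`, the baseline of expected headers (the advisory does not say which headers are missing) and both sample responses are assumptions constructed for illustration.

```python
import re
from email.parser import Parser

# Headers that reveal server / ASP.NET details (the CVE-2021-40340 kind of leak).
DISCLOSING = ("server", "x-powered-by", "x-aspnet-version", "x-aspnetmvc-version")
# Assumed baseline: the advisory does not say which headers are missing.
EXPECTED = ("content-security-policy", "x-content-type-options",
            "x-frame-options", "strict-transport-security")
# Absolute Windows or UNC path in a response body (the CVE-2021-40338 kind of leak).
PATH_RE = re.compile(r"(?:[A-Za-z]:\\|\\\\)[^\s<>\"']+")

def audit_response(raw):
    """Audit one captured HTTP response: status line, headers, blank line, body."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    status_line, _, header_block = head.partition("\n")
    headers = Parser().parsestr(header_block, headersonly=True)
    present = {k.lower() for k in headers.keys()}
    return {
        "status": int(status_line.split()[1]),
        # A bare product name in Server is tolerated; a version number is not.
        "disclosed": {h: headers[h] for h in DISCLOSING if h in present
                      and (h != "server" or re.search(r"\d", headers[h]))},
        "missing": [h for h in EXPECTED if h not in present],
        "paths": PATH_RE.findall(body),
    }

# Constructed sample responses, not captured from LinkOne.
SAMPLE_WEAK = (
    "HTTP/1.1 500 Internal Server Error\r\n"
    "Server: Microsoft-IIS/10.0\r\n"
    "X-AspNet-Version: 4.0.30319\r\n"
    "X-Powered-By: ASP.NET\r\n"
    "Content-Type: text/html\r\n\r\n"
    "<b>Source File:</b> C:\\inetpub\\wwwroot\\app\\Query.aspx.cs <b>Line:</b> 42"
)
SAMPLE_HARDENED = (
    "HTTP/1.1 500 Internal Server Error\r\n"
    "Content-Type: text/html\r\n"
    "Content-Security-Policy: default-src 'self'\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "X-Frame-Options: DENY\r\n"
    "Strict-Transport-Security: max-age=31536000\r\n\r\n"
    "An error occurred. Reference: 7f3a"
)

if __name__ == "__main__":
    for name, raw in (("weak", SAMPLE_WEAK), ("hardened", SAMPLE_HARDENED)):
        print(name, audit_response(raw))
```

Run it against responses saved from your own deployment's error pages; any entry under `disclosed` or `paths` is information an unauthenticated client can read.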
Impact
- Information Disclosure
- Data Theft
Remediation
Refer to the vendor website for the mitigations and patch updates.