[CERT-daily] Daily summary - 05.07.2021

Daily end-of-shift report team at cert.at
Mon Jul 5 18:10:23 CEST 2021


=====================
= End-of-Day report =
=====================

Timeframe:   Friday 02-07-2021 18:00 − Monday 05-07-2021 18:00
Handler:     Stephan Richter
Co-Handler:  Robert Waldner

=====================
=       News        =
=====================

∗∗∗ Kaseya VSA ransomware incident: the view from Austria ∗∗∗
---------------------------------------------
The media are currently reporting on a ransomware incident affecting a large number of companies [1][2]. According to these reports, the ransomware group "REvil" succeeded, by injecting code into the software solution "Kaseya VSA", which is used for remote monitoring and management of IT at managed service providers (MSPs), in getting the ransomware "Sodinokibi" automatically to the MSPs and thus also to their customers
---------------------------------------------
https://cert.at/de/aktuelles/2021/7/kaseya-vsa-ransomwarevorfall


∗∗∗ Free Micropatches for PrintNightmare Vulnerability (CVE-2021-34527) ∗∗∗
---------------------------------------------
Update 7/5/2021: Security researcher cube0x0 discovered another attack vector for this vulnerability, which significantly expands the set of affected machines. While the original attack vector was the Print System Remote Protocol [MS-RPRN], the same attack delivered via the Print System Asynchronous Remote Protocol [MS-PAR] does not require the Windows server to be a domain controller, or the Windows 10 machine to have UAC (User Account Control) disabled or Point and Print NoWarningNoElevationOnInstall enabled.
---------------------------------------------
https://blog.0patch.com/2021/07/free-micropatches-for-printnightmare.html


∗∗∗ Another 0-Day Looms for Many Western Digital Users ∗∗∗
---------------------------------------------
Countless Western Digital customers saw their MyBook Live network storage drives remotely wiped in the past month thanks to a bug in a product line the company stopped supporting in 2015, as well as a previously unknown zero-day flaw. But there is a similarly serious zero-day flaw present in a much broader range of newer Western Digital MyCloud network storage devices that will remain unfixed for many customers who can't or won't upgrade to the latest operating system.
---------------------------------------------
https://krebsonsecurity.com/2021/07/another-0-day-looms-for-many-western-digital-users/


∗∗∗ Spam via calendar invitation: how to protect yourself! ∗∗∗
---------------------------------------------
You have suddenly won the lottery. Someone wants to give you money out of pure charity. And you absolutely must invest on this one trading platform. Profits guaranteed! Many of us probably know such promises. Spam e-mails are nothing new anymore, so criminals keep coming up with new ways to get at their victims' money. Currently very popular: calendar spam!
---------------------------------------------
https://www.watchlist-internet.at/news/spam-per-termineinladung-so-schuetzen-sie-sich/


∗∗∗ Telnet service left enabled and without a password on SIMATIC HMI Comfort Panels ∗∗∗
---------------------------------------------
Siemens SIMATIC HMI Comfort Panels, devices meant to provide visualization of data received from industrial equipment, are exposing their Telnet service without any form of authentication, security researchers have discovered.
Tracked as CVE-2021-31337, the vulnerability was revealed earlier this week.
All SIMATIC HMI Comfort Panels models are believed to be impacted, except panels for SINAMICS Medium Voltage Products (SL150, SM150, and SM150i), where the Telnet service is disabled by default.
---------------------------------------------
https://therecord.media/telnet-service-left-enabled-and-without-a-password-on-simatic-hmi-comfort-panels/


∗∗∗ MISP 2.4.145 and 2.4.146 released (Improved warning-lists) ∗∗∗
---------------------------------------------
MISP 2.4.145 and 2.4.146 have been released, including a massive update to the MISP warning-lists, various improvements and security fixes.
---------------------------------------------
https://github.com/MISP/MISP/releases/tag/v2.4.145



=====================
=  Vulnerabilities  =
=====================

∗∗∗ ZDI-21-779: Advantech WebAccess Node BwFreRPT Stack-based Buffer Overflow Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-21-779/


∗∗∗ ZDI-21-778: Advantech WebAccess Node BwImgExe Stack-based Buffer Overflow Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-21-778/


∗∗∗ ZDI-21-777: Autodesk Design Review PDF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-21-777/


∗∗∗ ZDI-21-776: Autodesk Design Review DWF File Parsing Memory Corruption Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-21-776/


∗∗∗ ZDI-21-775: Autodesk Design Review DWFX File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-21-775/


∗∗∗ ControlTouch serial number can be misused to access customer configuration ∗∗∗
---------------------------------------------
ABB is aware of a privately reported vulnerability in the ControlTouch cloud subsystem. The cloud sub-system is updated to remove the vulnerability. An attacker who successfully exploited this vulnerability could modify the configuration of the ControlTouch of an authorized user.
---------------------------------------------
https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A3688&LanguageCode=en&DocumentPartId=&Action=Launch


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (electron11, electron12, istio, jenkins, libtpms, mediawiki, mruby, opera, puppet, and python-fastapi), Debian (djvulibre and openexr), Fedora (dovecot, libtpms, nginx, and php-league-flysystem), Gentoo (corosync, freeimage, graphviz, and libqb), Mageia (busybox, file-roller, live, networkmanager, and php), openSUSE (clamav-database, lua53, and roundcubemail), Oracle (389-ds:1.4, kernel, libxml2, python38:3.8 and python38-devel:3.8, and ruby:2.5), and SUSE (crmsh, djvulibre, python-py, and python-rsa).
---------------------------------------------
https://lwn.net/Articles/861906/


∗∗∗ Ricon Industrial Cellular Router S9922XL Remote Command Execution ∗∗∗
---------------------------------------------
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5653.php


∗∗∗ GNU C Library (glibc) vulnerability CVE-2016-10228 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K52494142?utm_source=f5support&utm_medium=RSS


∗∗∗ Advisory: Denial of Service vulnerability in B&R Industrial Automation PROFINET IO Device ∗∗∗
---------------------------------------------
https://www.br-automation.com/downloads_br_productcatalogue/assets/1622986485635-en-original-1.0.pdf


∗∗∗ Advisory: Stack crash in B&R Industrial Automation X20 EthernetIP Adapter ∗∗∗
---------------------------------------------
https://www.br-automation.com/downloads_br_productcatalogue/assets/1622986485562-en-original-1.0.pdf

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily