[CERT-daily] Tageszusammenfassung - 14.02.2023

Tue Feb 14 18:36:26 CET 2023

=====================
= End-of-Day report =
=====================

Timeframe:   Montag 13-02-2023 18:00 − Dienstag 14-02-2023 18:00
Handler:     Robert Waldner
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ New stealthy Beep malware focuses heavily on evading detection ∗∗∗
---------------------------------------------
A new stealthy malware named Beep was discovered last week, featuring many features to evade analysis and detection by security software.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-stealthy-beep-malware-focuses-heavily-on-evading-detection/


∗∗∗ Exploiting a remote heap overflow with a custom TCP stack ∗∗∗
---------------------------------------------
In November 2021 our team took part in the ZDI Pwn2Own Austin 2021 competition with multiple entries. One of them successfully compromised the Western Digital MyCloudHome connected hard drive via a 0-day in the Netatalk daemon. Our exploit was unusual because triggering the vulnerability required to mess with the remote TCP stack, so we wrote our own. This blog post will provide some technical details about it.
---------------------------------------------
https://www.synacktiv.com/publications/exploiting-a-remote-heap-overflow-with-a-custom-tcp-stack.html


∗∗∗ Securing Open-Source Solutions: A Study of osTicket Vulnerabilities ∗∗∗
---------------------------------------------
One of the applications assessed was osTicket, an open-source ticketing system. With distinctive features and plugins, osTicket gives users the ability to “Manage, organize, and archive all your support requests and responses (...).” During our assessment, the Checkmarx Labs team found some interesting vulnerabilities. In this blog/report, not only will we disclose some of the identified vulnerabilities but also elaborate on the team’s approach to identifying them.
---------------------------------------------
https://checkmarx.com/blog/securing-open-source-solutions-a-study-of-osticket-vulnerabilities/


∗∗∗ Amazon: Vorsicht vor Fake-Anrufen ∗∗∗
---------------------------------------------
Aktuell geben sich Kriminelle als Mitarbeiter:innen von Amazon aus und täuschen ein Problem mit Ihrer Bestellung vor. Sie werden aufgefordert Zahlungsdaten zu übermitteln, Zahlungen freizugeben und eine Wartungssoftware wie TeamViewer zu installieren. Legen Sie auf und blockieren Sie die Nummer.
---------------------------------------------
https://www.watchlist-internet.at/news/amazon-vorsicht-vor-fake-anrufen/


∗∗∗ A Deep Dive into Reversing CODESYS ∗∗∗
---------------------------------------------
This white paper offers a technical deep dive into PLC protocols and how to safely scan CODESYS-based ICS networking stacks.
---------------------------------------------
https://www.rapid7.com/blog/post/2023/02/14/a-deep-dive-into-reversing-codesys/


∗∗∗ Typosquatting: Legit Abquery Package Duped with Malicious Aabquerys ∗∗∗
---------------------------------------------
Aabquerys use the typosquatting technique to encourage downloading malicious components, as it has been cleverly named to make it sound like the legitimate NPM module Abquery.
---------------------------------------------
https://www.hackread.com/typosquatting-abquery-package-aabquerys/

=====================
=  Vulnerabilities  =
=====================

∗∗∗ Serious Security: GnuTLS follows OpenSSL, fixes timing attack bug ∗∗∗
---------------------------------------------
Conditional code considered cryptographically counterproductive.
---------------------------------------------
https://nakedsecurity.sophos.com/2023/02/13/serious-security-gnutls-follows-openssl-fixes-timing-attack-bug/


∗∗∗ Patch Now: Apples iOS, iPadOS, macOS, and Safari Under Attack with New Zero-Day Flaw ∗∗∗
---------------------------------------------
Apple on Monday rolled out security updates for iOS, iPadOS, macOS, and Safari to address a zero-day flaw that it said has been actively exploited in the wild.Tracked as CVE-2023-23529, the issue relates to a type confusion bug in the WebKit browser engine that could be activated when processing maliciously crafted web content, culminating in arbitrary code execution.
---------------------------------------------
https://thehackernews.com/2023/02/patch-now-apples-ios-ipados-macos-and.html


∗∗∗ Patchday: SAP schützt seine Software vor möglichen Attacken ∗∗∗
---------------------------------------------
Es sind unter anderem für SAP BusinessObjects und SAP Start Service wichtige Sicherheitsupdates erschienen.
---------------------------------------------
https://heise.de/-7494856


∗∗∗ Bestimmte auf HP-Computern vorinstallierte Windows-10-Versionen sind verwundbar ∗∗∗
---------------------------------------------
Wer einen PC von HP mit einer älteren Windows-10-Ausgabe nutzt, sollte einen Sicherheitspatch installieren.
---------------------------------------------
https://heise.de/-7494955


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (imagemagick), Fedora (xml-security-c), Red Hat (grub2), SUSE (chromium, freerdp, libbpf, and python-setuptools), and Ubuntu (fig2dev and python-django).
---------------------------------------------
https://lwn.net/Articles/923267/


∗∗∗ Citrix Virtual Apps and Desktops Security Bulletin for CVE-2023-24483 ∗∗∗
---------------------------------------------
A vulnerability has been identified that, if exploited, could result in a local user elevating their privilege level to NT AUTHORITY\SYSTEM on a Citrix Virtual Apps and Desktops Windows VDA.
CVE-2023-24483
---------------------------------------------
https://support.citrix.com/article/CTX477616/citrix-virtual-apps-and-desktops-security-bulletin-for-cve202324483


∗∗∗ Citrix Workspace app for Windows Security Bulletin for CVE-2023-24484 & CVE-2023-24485 ∗∗∗
---------------------------------------------
A vulnerability has been identified that, if exploited, could result in a local user elevating their privilege level to NT AUTHORITY\SYSTEM on a Citrix Virtual Apps and Desktops Windows VDA.
CVE-2023-24484 & CVE-2023-24485
---------------------------------------------
https://support.citrix.com/article/CTX477617/citrix-workspace-app-for-windows-security-bulletin-for-cve202324484-cve202324485


∗∗∗ Citrix Workspace app for Linux Security Bulletin for CVE-2023-24486 ∗∗∗
---------------------------------------------
A vulnerability has been identified in Citrix Workspace app for Linux that, if exploited, may result in a malicious local user being able to gain access to the Citrix Virtual Apps and Desktops session of another user who is using the same computer from which the ICA session is launched.
CVE-2023-24486
---------------------------------------------
https://support.citrix.com/article/CTX477618/citrix-workspace-app-for-linux-security-bulletin-for-cve202324486


∗∗∗ SonicWall Email Security Information Discloser Vulnerability ∗∗∗
---------------------------------------------
SonicWall Email Security contains a vulnerability that could permit a remote unauthenticated attacker access to an error page that includes sensitive information about users email addresses.
CVE: CVE-2023-0655
---------------------------------------------
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0002


∗∗∗ The installers of ELECOM Camera Assistant and QuickFileDealer may insecurely load Dynamic Link Libraries ∗∗∗
---------------------------------------------
The installers of ELECOM Camera Assistant and QuickFileDealer provided by ELECOM CO.,LTD. may insecurely load Dynamic Link Libraries.
---------------------------------------------
https://jvn.jp/en/jp/JVN60263237/


∗∗∗ Improper restriction of XML external entity reference (XXE) vulnerability in tsClinical Define.xml Generator and tsClinical Metadata Desktop Tools ∗∗∗
---------------------------------------------
tsClinical Define.xml Generator and tsClinical Metadata Desktop Tools provided by FUJITSU LIMITED contain an improper restriction of XML external entity reference (XXE) vulnerability.
---------------------------------------------
https://jvn.jp/en/jp/JVN00712821/


∗∗∗ 101news By Mayuri K 1.0 SQL Injection ∗∗∗
---------------------------------------------
https://cxsecurity.com/issue/WLB-2023020025


∗∗∗ Developed by Ameya Computers LOGIN SQL INJECTİON ∗∗∗
---------------------------------------------
https://cxsecurity.com/issue/WLB-2023020024


∗∗∗ SSA-953464 V1.0: Multiple Vulnerabilites in Siemens Brownfield Connectivity - Client before V2.15 ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf


∗∗∗ SSA-847261 V1.0: Multiple SPP File Parsing Vulnerabilities in Tecnomatix Plant Simulation ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/pdf/ssa-847261.pdf


∗∗∗ SSA-836777 V1.0: JT File Parsing Vulnerabilities in JT Open, JT Utilities and Parasolid ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/pdf/ssa-836777.pdf


∗∗∗ SSA-744259 V1.0: Golang Vulnerabilities in Brownfield Connectivity - Gateway before V1.10.1 ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf


∗∗∗ SSA-693110 V1.0: Buffer Overflow Vulnerability in COMOS ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/pdf/ssa-693110.pdf


∗∗∗ SSA-686975 V1.0: IPU 2022.3 Vulnerabilities in Siemens Industrial Products using Intel CPUs ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/pdf/ssa-686975.pdf


∗∗∗ SSA-658793 V1.0: Command Injection Vulnerability in SiPass integrated AC5102 / ACC-G2 and ACC-AP ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/pdf/ssa-658793.pdf


∗∗∗ SSA-640968 V1.0: Untrusted Search Path Vulnerability in TIA Project-Server formerly known as TIA Multiuser Server ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/pdf/ssa-640968.pdf


∗∗∗ SSA-617755 V1.0: Denial of Service Vulnerability in the SNMP Agent of SCALANCE X-200IRT Products ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/pdf/ssa-617755.pdf


∗∗∗ SSA-565356 V1.0: X_T File Parsing Vulnerabilities in Simcenter Femap before V2023.1 ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/pdf/ssa-565356.pdf


∗∗∗ SSA-491245 V1.0: Multiple File Parsing Vulnerabilities in Solid Edge ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf


∗∗∗ SSA-450613 V1.0: Insyde BIOS Vulnerabilities in RUGGEDCOM APE1808 Product Family ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/pdf/ssa-450613.pdf


∗∗∗ SSA-252808 V1.0: XPath Constraint Vulnerability in Mendix Runtime ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/pdf/ssa-252808.pdf


∗∗∗ PHOENIX CONTACT: Multiple Vulnerabilities in PLCnext Firmware ∗∗∗
---------------------------------------------
https://cert.vde.com/de/advisories/VDE-2023-001/


∗∗∗ Weintek EasyBuilder Pro cMT Series ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-23-045-01


∗∗∗ Advisory: Reflected Cross-Site Scripting Vulnerabitities in SDM ∗∗∗
---------------------------------------------
https://www.br-automation.com/downloads_br_productcatalogue/assets/1675607299099-en-original-1.0.pdf


∗∗∗ IBM Db2 Web Query for i is vulnerable to arbitrary code execution due to Apache Commons Text [CVE-2022-42889] ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6955251


∗∗∗ IBM App Connect Enterprise Certified Container operands may be vulnerable to security restrictions bypass due to [CVE-2021-25743] ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6955255


∗∗∗ IBM Sterling Control Center is vulnerable to a denial of service due to Jave SE (CVE-2022-21626) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6955277


∗∗∗ IBM Sterling Control Center is vulnerable to security bypass due to Eclipse Openj9 (CVE-2022-3676) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6955281


∗∗∗ CVE-2022-21624 may affect IBM\u00ae SDK, Java\u2122 Technology Edition for Content Collector for Email, Content Collector for File Systems and Content Collector for Microsoft SharePoint ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6955493


∗∗∗ CVE-2022-3676 may affect Eclipse Openj9 used by Content Collector for Email, Content Collector for File Systems and Content Collector for Microsoft SharePoint ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6955497


∗∗∗ IBM QRadar SIEM is vulnerable to possible information disclosure [CVE-2023-22875] ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6855643

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily