Monday, November 22, 2021

Vulnerability Spotlight: Multiple vulnerabilities in Advantech R-SeeNet

Yuri Kramarz discovered these vulnerabilities. Blog by Jon Munshaw. 

Cisco Talos recently discovered multiple vulnerabilities in the Advantech R-SeeNet monitoring software. 

R-SeeNet is the software system used for monitoring Advantech routers. It continuously collects information from individual routers in the network and records the data into a SQL database. The vulnerabilities Talos discovered exist in various scripts inside of R-SeeNet's web applications. 

TALOS-2021-1366 (several CVEs, please refer to advisory for more information), TALOS-2021-1365 (CVE-2021-21920, CVE-2021-21921, CVE-2021-21922, CVE-2021-21923), TALOS-2021-1363 (CVE-2021-21915, CVE-2021-21916, CVE-2021-21917) and TALOS-2021-1364 (CVE-2021-21918, CVE-2021-21919) are SQL injection vulnerabilities that exist in various R-SeeNet pages.

There is also a privilege escalation vulnerability, TALOS-2021-1360 (CVE-2021-21910, CVE-2021-21911, CVE-2021-21912) that only exists in the Windows version of the software. An attacker could exploit this vulnerability to place a specially-crafted file on the system to escalate privileges to NT SYSTEM authority.

Cisco Talos worked with Advantech to ensure that this issue is resolved and an update is available for affected customers, all in adherence to Cisco’s vulnerability disclosure policy

Users are encouraged to update these affected products as soon as possible: Advantech R-SeeNet, version 2.4.15 (30.07.2021). Talos tested and confirmed these versions of R-SeeNet could be exploited by this vulnerability. 

The following SNORTⓇ rules will detect exploitation attempts against this vulnerability: 58034 - 58041. Additional rules may be released in the future and current rules are subject to change, pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or Snort.org. 

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.