KLA11658
Multiple vulnerabilities in FactoryTalk Activation Manager

Обновлено: 18/06/2020

Дата обнаружения	04/01/2020
Уровень угрозы	Critical
Описание	Multiple vulnerabilities were found in FactoryTalk Activation Manager. Malicious users can exploit these vulnerabilities to perform cross-site scripting attack, execute arbitrary code. Below is a complete list of vulnerabilities: Vulnerability in certain versions of Wibu-Systems CodeMeter can be exploited remotely via specially designed WEB payload to perform cross-site scripting attacks; Out-of-bounds writing vulnerability in custom string copying function of Imgrd.exe can be exploited remotely to execute arbitrary code;
Эксплуатация	The following public exploits exists for this vulnerability: https://www.exploit-db.com/exploits/42610
Пораженные продукты	FactoryTalk Activation Manager v4.00.02 and v4.01 Includes Wibu-Systems CodeMeter v6.50b and earlier FactoryTalk Activation Manager v4.00.02 and earlier Includes FlexNet Publisher v11.11.1.1 and earlier
Решение	Update to the latest version
Первичный источник обнаружения	FactoryTalk Activation Manager Vulnerabilities (need authorization)
Оказываемое влияние ?	ACE [?] XSS/CSS [?]
Связанные продукты	FactoryTalk Activation Manager
CVE-IDS	CVE-2017-137543.5Warning
	Узнай статистику распространения уязвимостей в твоем регионе

KLA11658Multiple vulnerabilities in FactoryTalk Activation Manager