KLA11658
Multiple vulnerabilities in FactoryTalk Activation Manager
Обновлено: 18/06/2020
Дата обнаружения
04/01/2020
Уровень угрозы
Critical
Описание

Multiple vulnerabilities were found in FactoryTalk Activation Manager. Malicious users can exploit these vulnerabilities to perform cross-site scripting attack, execute arbitrary code.

Below is a complete list of vulnerabilities:

  1. Vulnerability in certain versions of Wibu-Systems CodeMeter can be exploited remotely via specially designed WEB payload to perform cross-site scripting attacks;
  2. Out-of-bounds writing vulnerability in custom string copying function of Imgrd.exe can be exploited remotely to execute arbitrary code;
Эксплуатация

The following public exploits exists for this vulnerability:

https://www.exploit-db.com/exploits/42610

Пораженные продукты

FactoryTalk Activation Manager v4.00.02 and v4.01

  • Includes Wibu-Systems CodeMeter v6.50b and earlier

FactoryTalk Activation Manager v4.00.02 and earlier

  • Includes FlexNet Publisher v11.11.1.1 and earlier
Решение

Update to the latest version

Первичный источник обнаружения
FactoryTalk Activation Manager Vulnerabilities (need authorization)
Оказываемое влияние
?
ACE 
[?]

XSS/CSS 
[?]
Связанные продукты
FactoryTalk Activation Manager
CVE-IDS
CVE-2017-137540.0Unknown
CVE-2015-82770.0Unknown