Tuesday, July 28, 2020

Critical Secomea, Moxa, Ewon pre-auth RCE vulnerabilities. CVE-2020-14500, CVE-2020-14511, CVE-2020-14498 (crosspost)

Crosspost from https://www.reddit.com/r/PLC/comments/hzrekl/critical_secomea_moxa_ewo_preauth_rce/

Pre-auth RCE vulnerabilities have been discovered in Secomea GateManager, Moxa EDR-G902/3 and eWon’s eCatcher. Patch ASAP.

The GateManager bug is caused by improper handling of some of the HTTP request headers provided by the client. An attacker could exploit it remotely to achieve remote code execution on GateManager without any authentication.

https://www.claroty.com/2020/07/28/vpn-security-flaws/


