ICSA-20-084-01 · Published 2021-11-18 · View on CISA ICS-CERT ↗

VISAM Automation Base (VBASE) (Update B)

CVSS 9.0 CRITICAL

Risk Summary

Successful exploitation of these vulnerabilities could allow an attacker to read the contents of unexpected files, escalate privileges to system level, execute arbitrary code on the targeted system, bypass security mechanisms, and discover the cryptographic key for the web login.

CVEs (5)

CVE-2020-7008 CVE-2020-7004 CVE-2020-10601 CVE-2020-7000 CVE-2020-10599

Remediations

VISAM recommends users update to VBASE v11.7.0.2 or later. A download link will be provided by submitting a request form.
For more information, please contact VISAM using the information provided on their contact page.
For more information about these vulnerabilities and how VISAM plans to address them, please contact VISAM using the information provided on their contact page (German language).

Affected Vendors

VISAM

Affected Products (1)

VISAM · VBASE Editor 11.5.0.2

Affected Sectors

Multiple

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more