Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-43762 | PUBLISHED: 2023-02-08 | Lack of verification in B&R APROL Tbase server versions < R 4.2-07 may lead to memory leaks when receiving messages
CVE-2022-43763 | PUBLISHED: 2023-02-08 | Insufficient check of preconditions could lead to Denial of Service conditions when calling commands on the Tbase server of B&R APROL versions < R 4.2-07.
CVE-2022-43764 | PUBLISHED: 2023-02-08 | Insufficient validation of input parameters when changing configuration on Tbase server in B&R APROL versions < R 4.2-07 could result in buffer overflow. This may lead to Denial-of-Service conditions or execution of arbitrary code.
CVE-2022-43765 | PUBLISHED: 2023-02-08 | B&R APROL versions < R 4.2-07 doesn’t process correctly specially formatted data packages sent to port 55502/tcp, which may allow a network based attacker to cause an application Denial-of-Service.
CVE-2022-2094 | PUBLISHED: 2023-02-08 | The Yellow Yard Searchbar WordPress plugin before 2.8.2 does not escape some URL parameters before outputting them back to the user, leading to Reflected Cross-Site Scripting
User Rank: Apprentice
4/28/2020 | 12:41:28 PM
The good news is you can reference the list of URLs used in the attack and immediately guard against access to these sites, at least. While updated versions of the trojan may point to other domains, it's a start. Additionally, they provide a comprehensive file list that can be used for system scans of malicious files.
Because this SQL injection attack will have been patched against already in a hotfix, the biggest issue currently is the Sophos user base that does not have automatic updates enabled. Opening themselves up to the Asnarok attackers will not only provide access to data for as long as their Sophos installs remain unpatched, they offer a testbed for modifications to the code that could allow bypassing any changes made in the hotfix.