Prima Systems FlexAir (ICSA-19-211-02)

The NCCIC has published an advisory on numerous types of vulnerabilities in Prima Systems FlexAir. Versions 2.3.38 and prior are affected. Exploitation of these vulnerabilities may allow an attacker to execute commands directly on the operating system, upload malicious files, perform actions with administrative privileges, execute arbitrary code in a user’s browser, discover login credentials, bypass normal authentication, and have full system access. Prima Systems has released Version 2.5.12 to fix these issues. The NCCIC also advises of a series of measures for mitigating the vulnerabilities. Read the advisory at CISA.