The monthly OT Vulnerability and IoC Database update provides new threat detection capabilities for SilentDefense, including information about new asset vulnerabilities (CVEs) and other Indicators of Compromise (e.g. blacklisted IPs and domains).
What’s new?
The October update includes the following content:
- 76 new CVEs have been added
  - 10 for Cisco
  - 1 for Meinberg
  - 1 for Mitsubishi
  - 2 for Philips
  - 39 for QNAP
  - 6 for Rockwell
  - 1 for Sick
  - 16 for Siemens
- 32 CVEs have been updated because of new information from the vendor
  - 17 for Schneider
  - 15 for Siemens
- 28 CVEs have had their CVSS score updated
- The URLs for US-CERT (CISA) and Siemens advisories have all been updated, because many older URLs pointed to sites that no longer exist (also moving from http://… to https://… where applicable).
- The following new equipment is supported as of this month
  - QNAP NAS stations
- The following advisories have an update for their CVSS score
  - CVE-2017-6606 / 6615 / 6634 / 6664 / 16744 / 16748
  - CVE-2018-7082 / 7083 / 7838 / 11457 / 11458 / 11459 / 11460 / 11461 / 11462 / 11463 / 11464 / 11465 / 11466 / 13799 / 13808 / 13809 / 13810 / 13812 / 13813 / 13814
  - CVE-2020-7524 / 13828
- 6 new IoCs have been added for
  - Malware related to Drovorub (6 IP addresses)
Supported Versions
This content update is supported by the following releases:
- SilentDefense 3.13.0 and up
Requirements
The database update must be uploaded in the SilentDefense Command Center. This is a cumulative database update, and as such only the latest update is required to bring the SilentDefense CVE and IoC content up to date.
The CVE and IoC database includes information for vulnerabilities that can be detected when specific SD Scripts are running, for example the Host and Link Add-Ons SD Script. The additional detection and fingerprinting capabilities that SD Scripts can provide allow for more comprehensive vulnerability detection.
Availability
Download the module and related documentation from the Downloads / Resources section of the OT Customer portal, https://portal.secmatters.com/.