The monthly OT Vulnerability Database update provides new vulnerability detection information for SilentDefense, including information about new CVE vulnerabilities and other Indicators of Compromise.
What’s new?
Download the December update for the OT Vulnerability Database to gain the following vulnerability information:
- 44 new CVEs have been added:
  - 1 for AutomationDirect
  - 2 for Aveva
  - 11 for Copa-Data
  - 7 for Iconics
  - 2 for Mitsubishi
  - 3 for OSISoft
  - 2 for Rockwell
  - 8 for Schneider
  - 7 for Siemens
  - 1 for Wago
- 44 CVEs have been updated because of new information from the vendor:
  - 3 for Cisco
  - 2 for Mitsubishi
  - 5 for Rockwell
  - 24 for Schneider
  - 10 for Siemens
- There are now 1669 CVEs supported (+44, up from 1625).
- 2 CVEs have had their CVSS score updated.
- The following new equipment is supported as of this month:
  - AutomationDirect C-More touchpanel
  - Aveva Wonderware
  - Copa-Data Zenon
  - Iconics Genesis
- New IoCs have been added for:
  - 27 URLs related to malware:
    - Mustang Panda
    - Operation In(ter)caption
    - Winnti
    - Gamaredon
    - NewPass
    - Mekotio
    - MAXScript
    - Remote Access Trojan SLOTHFULMEDIA
    - Comrat
  - 13 IP addresses related to malware C&Cs:
    - Mustang Panda
    - Operation In(ter)caption
    - GreyEnergy
    - MAXScript
    - Zebrocy / Sednit
  - 41 MD5 hashes related to malware:
    - Egregor
    - Ursnif/Gozi/Dreambot
    - North Korean Remote Access Tools (FASTCASH, ECCENTRICBANDWAGON and VIVACIOUSGIFT)
    - Iranian Web Shells
    - Remote Access Trojan SLOTHFULMEDIA
    - Comrat
    - Zebrocy
This content update is supported by the following releases:
- SilentDefense 3.13.0 and up
Requirements
The database update must be uploaded in the SilentDefense Command Center. This is a cumulative database update, and as such only the latest update is required to bring the SilentDefense CVE and IoC content up to date.
The CVE and IoC database includes information for vulnerabilities that can be detected when specific SD Scripts are running. The additional detection and fingerprinting capabilities that SD Scripts can provide allow for more comprehensive vulnerability detection. For cases where vulnerability identification is important, it is advised to run the Host and Link Add-Ons SD Script.
SilentDefense Users:
Download the module and related documentation from the Downloads / Resources section of the OT Customer portal, https://portal.secmatters.com/.