The monthly OT Vulnerability & IoC Database update provides new detection capabilities for eyeInspect by including new CVEs and new Indicators of Compromise.
Download the April update for the OT Vulnerability & IoC database to gain the following vulnerability information:
- 42 new CVEs have been added:
  - 2 for Brocade
  - 10 for Cisco
  - 10 for GE Grid
  - 1 for HPE
  - 4 for Rockwell
  - 2 for Schneider
  - 13 for Siemens
- 70 CVEs have been updated because of new information from the vendor, or because the ICSA designation became known:
  - 1 for Broadcom
  - 17 for Cisco
  - 8 for HPE
  - 1 for Mitsubishi
  - 2 for Rockwell
  - 19 for Schneider
  - 21 for Siemens
  - 1 for Wago
- There are now 1919 CVEs supported (+42, up from 1877)
- 4 CVEs have had their CVSS score updated:
  - CVE-2016-2183, CVE-2020-25238, CVE-2021-1228 and CVE-2021-22681, because NVD published or updated them.
- The following new equipment is supported as of this month:
  - Siemens “MV400” series barcode scanners
  - GE Grid “UR” IEDs (B30, B90, C30, C60, C70, D30, D60, F35, F60, G30, G60, L30, L60, L90, M60, N60, T35, T60) in combination with the IEC 61850 protocol
  - To recognize the new vendors and devices added in this and previous months, the “Host-Link-Addons” script version 1.34 (or higher) must be installed on the sensor(s). This script is available from the OT customer portal.
- New IoCs have been added:
  - URLs related to “LazyScripter” and “Silverfish” malware
  - IP addresses related to “LazyScripter” malware
  - IP addresses related to “Silverfish” malware: C&C servers, C&C proxies, traffic distribution servers and exploitation servers
  - MD5 hashes related to “Silverfish” malware
  - The IoCs published in the out-of-band update at the beginning of March are also included.
- For several Cisco advisories published between 2014 and 2019, the confidence level has been changed from “High” to “Medium”, because Cisco has not published a list of vulnerable software versions (as it usually does) but only a list of software versions in which the vulnerability has been fixed. Where available, the lists of fixed software versions have been updated.
This content update is supported by the following releases:
- eyeInspect 3.13.0 and up
The database update must be uploaded in the eyeInspect Command Center. This is a cumulative database update, and as such only the latest update is required to bring the eyeInspect CVE and IoC content up to date.
The CVE and IoC database includes information for vulnerabilities that can only be detected when specific SD Scripts are running. The additional detection and fingerprinting capabilities that SD Scripts provide allow for more comprehensive vulnerability detection. Where vulnerability identification is important, it is strongly advised to run the Host and Link Add-Ons SD Script on the sensors (the “Host-Link-Addons” script, version 1.34 or higher, is now available on the portal).
Download the module and related documentation from the Downloads / Resources section of the OT Customer portal, https://portal.secmatters.com/.