1 2 3 4 5 6 7 8 9 10
Third-Party-Whitepapers_Icon datasheet smart-tv white-papers videos tech-notes solution-briefs infographics case-studies brochures awards reviews podcasts guides

Forescout

Feb 8, 2021

OT Vulnerability & IoC Database February 2021

The monthly OT Vulnerability Database updates provides new Vulnerability detection information for eyeInspect, including information about new CVE vulnerabilities, and other Indicators of Compromise.

What’s new?

Download the February update for the OT Vulnerability database to gain the following vulnerability information:

  • 43 new CVE’s have been added
    • 14 for ABB
    • 2 for GE Grid
    • 1 for Meinberg
    • 6 for QNAP
    • 8 for Rockwell
    • 3 for Schneider
    • 9 for Siemens
  • 43 CVE’s have been updated because of new information from the vendor
    • 27 for Schneider
    • 14 for Siemens
    • 2 for Yokogawa
  • There are now 1809 CVE’s supported (+43, up from 1766)
  • 30 CVE’s have their CVSS score updated
  • All references to http://nvd.nist.org are changed to https://nvd.nist.org
  • In order to recognize new vendors / devices added in this and previous months, it is recommended to install the “Host-Link-Addons” script version 1.34 (or higher) on the sensor(s). This script is available from the customer portal.
  • New IOC’s have been added for
    • 3 new URL’s and 3 new IP-addresses related to Solarwinds Orion (as listed in CISA publication AA20-352a)
    • 3 MD5 hashes related to the SuperNova malware, related to Solarwinds Orion (as listed in CISA publication AR21-027A)
    • 7 new URL’s related to the Solarigate backdoor malware (as listed in a Microsoft publication of 01/20/2021)
    • 2 new MD5 hashes related to Solarwinds Orion
    • 9 new MD5 hashes related to Sunburst / Kazuar
    • 7 new IP-addresses related to Solarwinds Orion (as listed by FireEye)
  • In the list of default factory passwords, the following entries have been added:
    • Username “easergy’, password ‘easergy’ or ‘Easergy’: for Schneider T200
    • Username ‘root’, password ‘zyad5001’: for Zyxel PK5001Z as listed in CVE-2016-10401
    • Username ‘zyfwp’, password ‘PrOw!aN_fXp’: for Zyxel USG, ATP, VPN, ZyWALL or USG FLEX, firmware version 4.60; and NXC2500, NXC5500 firmware version 6.00-6.10 as listed in CVE-2020-29583

Supported Versions

This content update is supported by the following releases:

  • eyeInspect 3.13.0 and up

Requirements

The database update must be uploaded in the eyeInspect Command Center. This is a cumulative database update, and as such only the latest update is required to bring the eyeInspect CVE and IoC content up to date.

The CVE and IoC database includes information for vulnerabilities that can be detected when specific SD Scripts are running. The additional detection and fingerprinting capabilities that SD Scripts can provide allow for more comprehensive vulnerability detection. For cases where vulnerability identification is important, it is strongly advised to run the Host and Link Add-Ons SD Script on the sensors (“Host-Link-Addons” script version 1.34 (or higher) is available on te portal at now)

Availability

eyeInspect Users:
Download the module and related documentation from the Downloads / Resources section of the OT Customer portal, https://portal.secmatters.com/.

Back to Resources
Announcement Archive

Contact Us

Toll-Free (US): 1-866-377-8771
Tel (Intl): +1-408-213-3191
Support: +1-708-237-6591

Headquarters
190 W Tasman Dr.
San Jose, CA, USA 95134