The monthly OT Vulnerability & IoC Database update provides new detection capabilities for eyeInspect by including new CVEs and new Indicators of Compromise.
Download the May update for the OT Vulnerability & IoC database to gain the following vulnerability information:
- 26 new CVEs have been added
  - 13 for Kuka
  - 2 for Rockwell
  - 10 for Siemens
  - 1 for Tridium
- 57 CVEs have been updated because of new information from the vendor, or because the ICSA designation became known
  - 3 for Cisco
  - 8 for HPE
  - 19 for Schneider
  - 27 for Siemens
- There are now 1945 CVEs supported (+26, up from 1919)
- 4 CVEs have their CVSS score updated
  - CVE-2021-1375, CVE-2021-1376, CVE-2021-1391, CVE-2021-1392 because NVD published them or updated them.
- The following new equipment is supported as of this month:
  - Kuka “KR C4” robots
- To recognize new vendors / devices added in this and previous months, the “Host-Link-Addons” script version 1.34 (or higher) is needed and must be installed on the sensor(s). This script is available from the OT customer portal.
- New IoCs have been added:
  - MD5 hashes related to the Pulse Secure VPN malware family
  - URLs related to Silverfish malware and Kimsuky spyware
  - Blacklisted credentials for GE Grid MU320 and DR60 devices (factory default passwords)
  - Blacklisted IP addresses related to Silverfish, CRING and SBIDIOT malware, Kimsuky spyware, and CRING Cobalt Strike C&C
This content update is supported by the following releases:
- eyeInspect 3.13.0 and up
The database update must be uploaded in the eyeInspect Command Center. This is a cumulative database update, and as such only the latest update is required to bring the eyeInspect CVE and IoC content up to date.
The CVE and IoC database includes information for vulnerabilities that can be detected when specific SD Scripts are running. The additional detection and fingerprinting capabilities that SD Scripts can provide allow for more comprehensive vulnerability detection. For cases where vulnerability identification is important, it is strongly advised to run the Host and Link Add-Ons SD Script on the sensors (“Host-Link-Addons” script version 1.34 (or higher) is available on the portal at now).
Download the module and related documentation from the Downloads / Resources section of the OT Customer portal, https://portal.secmatters.com/.