The monthly OT Vulnerability & IoC Database update provides new vulnerability detection information for eyeInspect, including information about new CVE vulnerabilities and new Indicators of Compromise.
Download this out-of-band release of the OT Vulnerability & IoC Database update for March, which covers:
- CVE-2021-22681 / ICSA-21-056-03 / Rockwell advisory PN1550: an authentication bypass vulnerability in Rockwell Logix controllers with a CVSS score of 10.
- Blacklisted domains and IP addresses related to a new version of the “Ryuk” malware, as published by the French National CERT.
- Blacklisted domains and IP addresses related to the threat group “RedEcho”, as published by Recorded Future.
This out-of-band release is an update to the OT Vulnerability & IoC Database of 1-March-2021: installing it also installs the 1-March-2021 OT Vulnerability & IoC Database.
This content update is supported by the following releases:
- eyeInspect 3.13.0 and up
The database update must be uploaded in the eyeInspect Command Center. This is a cumulative database update, so only the latest update is required to bring the eyeInspect CVE and IoC content up to date.
The CVE and IoC database includes information for vulnerabilities that can be detected when specific SD Scripts are running. The additional detection and fingerprinting capabilities that SD Scripts can provide allow for more comprehensive vulnerability detection. For cases where vulnerability identification is important, it is strongly advised to run the Host and Link Add-Ons SD Script on the sensors (“Host-Link-Addons” script version 1.34 (or higher) is available on the portal at now).
Download the module and related documentation from the Downloads / Resources section of the OT Customer portal, https://portal.secmatters.com/.