The monthly OT Vulnerability & IoC Database update provides new vulnerability detection information for eyeInspect, including information about new CVE vulnerabilities and new Indicators of Compromise (IoCs).
Download the March update for the OT Vulnerability & IoC database to gain the following vulnerability information:
- 68 new CVEs have been added:
  - 3 for Cisco
  - 1 for Digi
  - 2 for General Electric
  - 1 for Hewlett-Packard
  - 1 for Loytec
  - 6 for Moxa
  - 2 for Rockwell
  - 3 for Schneider
  - 17 for SEL
  - 32 for Siemens
- 33 CVEs have been updated because of new information from the vendor:
  - 4 for Rockwell
  - 4 for Schneider
  - 25 for Siemens
- There are now 1877 CVEs supported (+68, up from 1809).
- 4 CVEs have had their CVSS score updated:
  - CVE-2020-6088 / 25684 / 25685 / 25686
- The following new equipment is supported as of this month:
  - Moxa PT-7528 / 7828
  - Cisco Meraki MR / MS / MV / MX
  - Siemens DIGSI4
- All references to http://… have been updated to https://… where the URL still exists. Where it does not, a replacement reference has been inserted if one could be found; otherwise the reference has been deleted.
- In order to recognize the new vendors / devices added in this and previous months, it is recommended to install the “Host-Link-Addons” script version 1.34 (or higher) on the sensor(s). This script is available from the OT customer portal.
- New IoCs have been added for:
  - The list of IP addresses for Tor exit nodes has been updated.
  - URLs and MD5 hashes related to the North Korean cryptocurrency malware “AppleJeus” (as listed in US CISA advisory “AA21-048A”). This malware targets institutions in several sectors, such as energy, finance, government, industry, technology, and telecommunications, in many countries.
  - URLs related to the Iranian APT malware “Infy” (as listed by Check Point).
  - MD5 hashes related to the SolarWinds Orion compromise (as listed in US CISA advisory “AA20-352A”).
This content update is supported by the following releases:
- eyeInspect 3.13.0 and up
The database update must be uploaded in the eyeInspect Command Center. This is a cumulative database update, and as such only the latest update is required to bring the eyeInspect CVE and IoC content up to date.
The CVE and IoC database includes information for vulnerabilities that can only be detected when specific SD Scripts are running. The additional detection and fingerprinting capabilities that SD Scripts provide allow for more comprehensive vulnerability detection. For cases where vulnerability identification is important, it is strongly advised to run the Host and Link Add-Ons SD Script on the sensors (the “Host-Link-Addons” script, version 1.34 or higher, is available on the portal now).
Download the module and related documentation from the Downloads / Resources section of the OT Customer portal, https://portal.secmatters.com/.