{"vulnerability": "CVE-2020-1252", "sightings": [{"uuid": "8cec7527-2da6-45ae-9189-d3ec2ad1c9f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-12525", "type": "seen", "source": "https://t.me/cibsecurity/22536", "content": "\u203c CVE-2020-12525 \u203c\n\nM&M Software fdtCONTAINER Component in versions below 3.5.20304.x and between 3.6 and 3.6.20304.x is vulnerable to deserialization of untrusted data in its project storage.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-01-22T22:29:28.000000Z"}, {"uuid": "0ae4bef8-1e98-47a4-85da-d60f0fa98a9d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-12525", "type": "seen", "source": "https://t.me/ics_cert/462", "content": "\ud83d\udea8  Vulnerability alert for Schneider Electric M340 and M580 PLCs:\n\u2623\ufe0f Vulnerable products:\n\u2022 EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro) \n\u2022 EcoStruxure Control Expert V15.0 SP1 \n\u2022 EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS) \n\u2022 SCADAPack RemoteConnect for x70 (all versions) \n\u2022 Modicon M580 CPU (all versions - part numbers BMEP* and BMEH*) \n\u2022 Modicon M340 CPU (all versions - part numbers BMXP34*)\n\n\ud83d\udd34 List of discovered vulnerabilities:\n\n1\ufe0f\u20e3 CVE ID: CVE-2021-22778 CVSS v3.1 base score 
8.6 | High | : An insufficiently protected credentials vulnerability exists that could cause protected function blocks to be read or modified by unauthorized users when accessing a project file.\n\n2\ufe0f\u20e3  CVE ID: CVE-2021-22779 CVSS v3.1 base score 9.8 | Critical | : An authentication by spoofing vulnerability exists that could lead to unauthorized read and write access to the controller by spoofing the Modbus communication between the engineering software and the controller. 
!!!\n\n3\ufe0f\u20e3 CVE ID: CVE-2020-12525 CVSS v3.1 base score 7.3 | High |:\nHM&M Software fdtCONTAINER component in versions 3.5.20304.x and between 3.6 and 3.6.20304.x is vulnerable to deserialization of untrusted data in its project storage. Note: this vulnerability can cause local code execution on the engineering workstation when a malicious project file is loaded in the engineering software.\n\n4\ufe0f\u20e3 CVE ID: CVE-2021-22780 CVSS v3.1 base score 7.1 | High | : An insufficiently protected credentials vulnerability exists that could 
cause unauthorized access to a password-protected project file if this file is shared with untrusted sources. An attacker may bypass the password protection and be able to view and modify a project file.\n\n5\ufe0f\u20e3 CVE ID: CVE-2021-22781 CVSS v3.1 base score 6.2 | Medium | : An insufficiently protected credentials vulnerability exists that could cause a leak of the SMTP credential used for mailbox authentication when an attacker can access a project file.\n\n6\ufe0f\u20e3 CVE ID: CVE-2021-22782 CVSS v3.1 base score 6.2 | Medium | : A missing encryption of sensitive data vulnerability exists that could cause an information leak if an attacker can access a project file, resulting in disclosure of network information, process information, credentials or intellectual property.\n\n\u2705 Schneider's document:\nhttps://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-01\n\n\ud83d\udc6e\u200d\u2640\ufe0f\ud83d\udc6e\u200d\u2640\ufe0f Republishing this channel's content is permitted only with citation of the source and the channel's full address.\n\n\ud83c\udfedSpecialized website and channel for the security of industrial automation and control infrastructure\n\nAdmin:\nhttps://t.me/pedram_kiani\nTelegram channel:\nhttps://t.me/ics_cert\nTwitter:\nhttps://twitter.com/icscerti", "creation_timestamp": "2021-07-15T11:07:30.000000Z"}, {"uuid": "f8b96cf2-a38f-47be-a5f3-ccebd3c36635", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-12527", "type": "seen", "source": "https://t.me/cibsecurity/24370", "content": "\u203c CVE-2020-12527 \u203c\n\nAn issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2. Improper use of access validation allows a logged in user to interact with devices in the account he should not have access to.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-03-03T00:44:39.000000Z"}, {"uuid": "ecaa5c67-5595-4e8d-bc6f-5d3d40013083", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-12528", "type": "seen", "source": "https://t.me/cibsecurity/24373", "content": "\u203c CVE-2020-12528 \u203c\n\nAn issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2. 
Improper use of access validation allows a logged in user to kill web2go sessions in the account he should not have access to.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-03-03T00:44:42.000000Z"}, {"uuid": "b41d3a44-9d5a-43b8-be27-0dcc177fbce1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-12529", "type": "seen", "source": "https://t.me/cibsecurity/24372", "content": "\u203c CVE-2020-12529 \u203c\n\nAn issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2 There is a SSRF in the LDAP access check, allowing an attacker to scan for open ports.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-03-03T00:44:41.000000Z"}, {"uuid": "03f7bbf4-5931-4411-b3dc-7299c4053d59", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-12524", "type": "seen", "source": "https://t.me/cibsecurity/17033", "content": "\u203c CVE-2020-12524 \u203c\n\nUncontrolled Resource Consumption can be exploited to cause the Phoenix Contact HMIs BTP 2043W, BTP 2070W and BTP 2102W in all versions to become unresponsive and not accurately update the display content (Denial of Service).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-02T18:55:08.000000Z"}, {"uuid": "e7f9fb1b-e191-47eb-8c0c-1cc9c817db89", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-12522", "type": "seen", "source": "https://t.me/cibsecurity/21038", "content": "\u203c CVE-2020-12522 \u203c\n\nThe reported vulnerability allows an attacker who has network access to the device to execute code with specially crafted packets in WAGO Series PFC 100 
(750-81xx/xxx-xxx), Series PFC 200 (750-82xx/xxx-xxx), Series Wago Touch Panel 600 Standard Line (762-4xxx), Series Wago Touch Panel 600 Advanced Line (762-5xxx), Series Wago Touch Panel 600 Marine Line (762-6xxx) with firmware versions <=FW10.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-18T02:43:19.000000Z"}, {"uuid": "15b4b305-32a4-40de-a93c-eda6a1d306f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-12521", "type": "seen", "source": "https://t.me/cibsecurity/21027", "content": "\u203c CVE-2020-12521 \u203c\n\nOn Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS a specially crafted LLDP packet may lead to a high system load in the PROFINET stack. An attacker can cause failure of system services or a complete reboot.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-18T02:43:06.000000Z"}]}