{"vulnerability": "CVE-2020-2725", "sightings": [{"uuid": "b1c562e5-6183-4941-addb-feae52bc2484", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-27257", "type": "seen", "source": "https://t.me/cibsecurity/23304", "content": "\u203c CVE-2020-27257 \u203c\n\nThis vulnerability allows local attackers to execute arbitrary code due to the lack of proper validation of user-supplied data, which can result in a type-confusion condition in the Omron CX-One Version 4.60 and prior devices.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-09T18:40:36.000000Z"}, {"uuid": "c2df35bd-b335-4497-8088-4aac43cfe3fd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-27259", "type": "seen", "source": "https://t.me/ics_cert/379", "content": "\u0647\u0634\u062f\u0627\u0631 \u062f\u0631 \u062e\u0635\u0648\u0635 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc CVE-2020-27259 \u062f\u0631 Omron CX-One \u06a9\u0647 \u0628\u0647 \u0645\u0647\u0627\u062c\u0645 \u0627\u0632 \u0631\u0627\u0647 \u062f\u0648\u0631 \u0627\u0645\u06a9\u0627\u0646 \u0627\u062c\u0631\u0627\u06cc \u06a9\u062f \u0631\u0627 \u0645\u06cc \u062f\u0647\u062f. \u062a\u0648\u0635\u06cc\u0647 \u0645\u06cc \u0634\u0648\u062f \u0646\u0633\u0628\u062a \u0628\u0647 \u0628\u0631\u0648\u0632\u0631\u0633\u0627\u0646\u06cc \u0627\u0642\u062f\u0627\u0645 \u0634\u0648\u062f. \n\n\ud83d\udc6e\u200d\u2640\ufe0f\ud83d\udc6e\u200d\u2640\ufe0f \u0628\u0627\u0632\u0646\u0634\u0631 \u0645\u0637\u0627\u0644\u0628 \u0627\u06cc\u0646 \u06a9\u0627\u0646\u0627\u0644 \u0635\u0631\u0641\u0627 \u0628\u0627 \u0630\u06a9\u0631 \u0645\u0646\u0628\u0639 \u0648 \u0622\u062f\u0631\u0633 \u06a9\u0627\u0645\u0644 \u06a9\u0627\u0646\u0627\u0644 \u0645\u062c\u0627\u0632 \u0645\u06cc\u0628\u0627\u0634\u062f.\n\n\ud83c\udfed\u0648\u0628\u0633\u0627\u06cc\u062a \u0648 \u06a9\u0627\u0646\u0627\u0644 \u062a\u062e\u0635\u0635\u06cc \u0627\u0645\u0646\u06cc\u062a \u0632\u06cc\u0631\u0633\u0627\u062e\u062a\u0647\u0627\u06cc \u0627\u062a\u0648\u0645\u0627\u0633\u06cc\u0648\u0646 \u0648 \u06a9\u0646\u062a\u0631\u0644 \u0635\u0646\u0639\u062a\u06cc\n\n\u0627\u062f\u0645\u06cc\u0646:\nhttps://t.me/pedram_kiani\n\u0627\u062f\u0631\u0633 \u0627\u06cc\u0645\u06cc\u0644:\nadmin@ics-cert.ir\n\u06a9\u0627\u0646\u0627\u0644 \u062a\u0644\u06af\u0631\u0627\u0645:\nhttps://t.me/ics_cert\n\u062a\u0648\u06cc\u06cc\u062a\u0631:\nhttps://twitter.com/icscerti\n\u0648\u0628\u0633\u0627\u06cc\u062a:\nhttps://ics-cert.ir", "creation_timestamp": "2021-01-08T14:38:10.000000Z"}, {"uuid": "168e1c1c-401a-4b0e-b070-b029ac54a64b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-27250", "type": "seen", "source": "https://t.me/cibsecurity/23420", "content": "\u203c CVE-2020-27250 \u203c\n\nIn SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014), a specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-based buffer overflow at Version/Instance 0x0005 and 0x0016. An attacker can entice the victim to open a document to trigger this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-11T00:41:56.000000Z"}, {"uuid": "d69d4c06-da6a-4af7-907e-93499fe1b2f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-27259", "type": "seen", "source": "https://t.me/cibsecurity/23298", "content": "\u203c CVE-2020-27259 \u203c\n\nThe Omron CX-One Version 4.60 and prior may allow an attacker to supply a pointer to arbitrary memory locations, which may allow an attacker to remotely execute arbitrary code.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-09T18:40:30.000000Z"}, {"uuid": "05dcd739-2909-45d6-89ff-085964d48b07", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-27256", "type": "seen", "source": "https://t.me/cibsecurity/22309", "content": "\u203c CVE-2020-27256 \u203c\n\nIn SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, a hard-coded physician PIN in the physician menu of the insulin pump allows attackers with physical access to change insulin therapy settings.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-01-20T00:26:23.000000Z"}, {"uuid": "ccaca39d-69d4-45ef-b666-a44bb6d509c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-27258", "type": "seen", "source": "https://t.me/cibsecurity/22313", "content": "\u203c CVE-2020-27258 \u203c\n\nIn SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, an information disclosure vulnerability in the communication protocol of the insulin pump and its AnyDana-i and AnyDana-A mobile applications allows unauthenticated attackers to extract the pump\u00e2\u20ac\u2122s keypad lock PIN via Bluetooth Low Energy.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-01-20T00:26:27.000000Z"}, {"uuid": "3d67a27e-86a1-4e8d-942f-39d7ee63eb4a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-27251", "type": "seen", "source": "https://t.me/cibsecurity/16858", "content": "\u203c CVE-2020-27251 \u203c\n\nA heap overflow vulnerability exists within FactoryTalk Linx Version 6.11 and prior. This vulnerability could allow a remote, unauthenticated attacker to send malicious port ranges, which could result in remote code execution.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-11-26T07:48:25.000000Z"}, {"uuid": "af24a264-4316-4b32-b6a8-23e7ce748354", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-27253", "type": "seen", "source": "https://t.me/cibsecurity/16857", "content": "\u203c CVE-2020-27253 \u203c\n\nA flaw exists in the Ingress/Egress checks routine of FactoryTalk Linx Version 6.11 and prior. This vulnerability could allow a remote, unauthenticated attacker to specifically craft a malicious packet resulting in a denial-of-service condition on the device.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-11-26T07:48:24.000000Z"}, {"uuid": "7d071073-b7e4-48dc-8d0a-c37425f090da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-27255", "type": "seen", "source": "https://t.me/cibsecurity/16863", "content": "\u203c CVE-2020-27255 \u203c\n\nA heap overflow vulnerability exists within FactoryTalk Linx Version 6.11 and prior. This vulnerability could allow a remote, unauthenticated attacker to send malicious set attribute requests, which could result in the leaking of sensitive information. This information disclosure could lead to the bypass of address space layout randomization (ASLR).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-11-26T07:48:32.000000Z"}]}