{"vulnerability": "CVE-2021-2278", "sightings": [{"uuid": "bc996297-0cd6-4a3d-97fa-46b2d59aee75", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-22781", "type": "seen", "source": "https://t.me/ics_cert/462", "content": "\ud83d\udea8  \u0647\u0634\u062f\u0627\u0631 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc PLC \u0647\u0627\u06cc \u0627\u0634\u0646\u0627\u06cc\u062f\u0631 \u0627\u0644\u06a9\u062a\u0631\u06cc\u06a9 M340 \u0648 M580 :\n\u2623\ufe0f \u0645\u062d\u0635\u0648\u0644\u0627\u062a \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631:\n\u2022 EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro) \n\u2022 EcoStruxure Control Expert V15.0 SP1 \n\u2022 EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS) \n\u2022 SCADAPack RemoteConnect for x70 (all versions) \n\u2022 Modicon M580 CPU (all versions - part numbers BMEP* and BMEH*) \u2022 Modicon M340 CPU (all versions - part numbers BMXP34*)\n\n\ud83d\udd34 \u0644\u06cc\u0633\u062a \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc\u0647\u0627\u06cc \u06a9\u0634\u0641 \u0634\u062f\u0647:\n\n1\ufe0f\u20e3 \u0634\u0646\u0627\u0633\u0647 CVE: CVE-2021-22778CVSS v3.1 \u0627\u0645\u062a\u06cc\u0627\u0632 \u067e\u0627\u06cc\u0647 8.6 | \u0628\u0627\u0644\u0627 | : \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0627\u0639\u062a\u0628\u0627\u0631\u0627\u062a \u06a9\u0627\u0641\u06cc \u0645\u062d\u0627\u0641\u0638\u062a \u0646\u0634\u062f\u0647 \u0648\u062c\u0648\u062f \u062f\u0627\u0631\u062f \u06a9\u0647 \u0645\u06cc \u062a\u0648\u0627\u0646\u062f \u0628\u0627\u0639\u062b \u0634\u0648\u062f \u0628\u0644\u0648\u06a9 \u0647\u0627\u06cc \u0639\u0645\u0644\u06a9\u0631\u062f \u0645\u062d\u0627\u0641\u0638\u062a \u0634\u062f\u0647 \u062a\u0648\u0633\u0637 \u06a9\u0627\u0631\u0628\u0631\u0627\u0646 \u063a\u06cc\u0631 \u0645\u062c\u0627\u0632 \u0647\u0646\u06af\u0627\u0645 \u062f\u0633\u062a\u0631\u0633\u06cc \u0628\u0647 \u067e\u0631\u0648\u0646\u062f\u0647 \u067e\u0631\u0648\u0698\u0647 \u062e\u0648\u0627\u0646\u062f\u0647 \u06cc\u0627 \u0627\u0635\u0644\u0627\u062d \u0634\u0648\u0646\u062f.\n\n2\ufe0f\u20e3  \u0634\u0646\u0627\u0633\u0647 CVE: CVE-2021-22779CVSS v3.1 \u0627\u0645\u062a\u06cc\u0627\u0632 \u067e\u0627\u06cc\u0647 9.8 | \u062d\u06cc\u0627\u062a\u06cc | : \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0627\u062d\u0631\u0627\u0632 \u0647\u0648\u06cc\u062a \u062a\u0648\u0633\u0637 Spoofing \u0648\u062c\u0648\u062f \u062f\u0627\u0631\u062f \u06a9\u0647 \u0645\u06cc \u062a\u0648\u0627\u0646\u062f \u0628\u0627 \u062c\u0639\u0644 \u0627\u0631\u062a\u0628\u0627\u0637 Modbus \u0628\u06cc\u0646 \u0646\u0631\u0645 \u0627\u0641\u0632\u0627\u0631 \u0645\u0647\u0646\u062f\u0633\u06cc \u0648 \u06a9\u0646\u062a\u0631\u0644 \u06a9\u0646\u0646\u062f\u0647 \u060c \u0628\u0647 \u062f\u0633\u062a\u0631\u0633\u06cc \u063a\u06cc\u0631\u0645\u062c\u0627\u0632 \u062f\u0631 \u062d\u0627\u0644\u062a \u062e\u0648\u0627\u0646\u062f\u0646 \u0648 \u0646\u0648\u0634\u062a\u0646 \u0628\u0647 \u06a9\u0646\u062a\u0631\u0644 \u06a9\u0646\u0646\u062f\u0647 \u0645\u0646\u062c\u0631 \u0634\u0648\u062f. !!!\n\n3\ufe0f\u20e3 \u0634\u0646\u0627\u0633\u0647 CVE: CVE-2020-12525CVSS v3.1 \u0627\u0645\u062a\u06cc\u0627\u0632 \u067e\u0627\u06cc\u0647 7.3 | \u0628\u0627\u0644\u0627 |:\nHM&amp;M \u0646\u0631\u0645 \u0627\u0641\u0632\u0627\u0631 fdtCONTAINER \u06a9\u0627\u0645\u067e\u0648\u0646\u0646\u062a \u062f\u0631 \u0646\u0633\u062e\u0647 \u0647\u0627\u06cc 3.5.20304.x \u0648 \u0628\u06cc\u0646 3.6 \u062a\u0627 3.6.20304.x \u062f\u0631 \u0628\u0631\u0627\u0628\u0631 \u0645\u062d\u0631\u0648\u0645\u06cc\u062a \u0632\u062f\u0627\u06cc\u06cc \u0627\u0632 \u062f\u0627\u062f\u0647 \u0647\u0627\u06cc \u063a\u06cc\u0631\u0642\u0627\u0628\u0644 \u0627\u0639\u062a\u0645\u0627\u062f \u062f\u0631 \u0630\u062e\u06cc\u0631\u0647 \u0633\u0627\u0632\u06cc \u067e\u0631\u0648\u0698\u0647 \u062e\u0648\u062f \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631 \u0627\u0633\u062a. \u062a\u0648\u062c\u0647: \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0645\u06cc \u062a\u0648\u0627\u0646\u062f \u0628\u0627\u0639\u062b \u0627\u062c\u0631\u0627\u06cc \u06a9\u062f \u0645\u062d\u0644\u06cc \u062f\u0631 \u0627\u06cc\u0633\u062a\u06af\u0627\u0647 \u06a9\u0627\u0631\u06cc \u0645\u0647\u0646\u062f\u0633\u06cc \u062f\u0631 \u0647\u0646\u06af\u0627\u0645 \u067e\u0631\u0648\u0698\u0647 \u0645\u062e\u0631\u0628 \u0634\u0648\u062f \u067e\u0631\u0648\u0646\u062f\u0647 \u062f\u0631 \u0646\u0631\u0645 \u0627\u0641\u0632\u0627\u0631 \u0645\u0647\u0646\u062f\u0633\u06cc \u0628\u0627\u0631\u06af\u06cc\u0631\u06cc \u0645\u06cc \u0634\u0648\u062f.\n\n4\ufe0f\u20e3 \u0634\u0646\u0627\u0633\u0647 CVE: CVE-2021-22780CVSS v3.1 \u0627\u0645\u062a\u06cc\u0627\u0632 \u067e\u0627\u06cc\u0647 7.1 | \u0628\u0627\u0644\u0627 | : \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0627\u0639\u062a\u0628\u0627\u0631 \u06a9\u0627\u0641\u06cc \u0645\u062d\u0627\u0641\u0638\u062a \u0646\u0634\u062f\u0647 \u0648\u062c\u0648\u062f \u062f\u0627\u0631\u062f \u06a9\u0647 \u0645\u06cc \u062a\u0648\u0627\u0646\u062f \u0628\u0627\u0639\u062b \u062f\u0633\u062a\u0631\u0633\u06cc \u063a\u06cc\u0631\u0645\u062c\u0627\u0632 \u0628\u0647 \u067e\u0631\u0648\u0646\u062f\u0647 \u067e\u0631\u0648\u0698\u0647 \u0645\u062d\u0627\u0641\u0638\u062a \u0634\u062f\u0647 \u0628\u0627 \u06af\u0630\u0631\u0648\u0627\u0698\u0647 \u0634\u0648\u062f \u060c \u062f\u0631\u0635\u0648\u0631\u062a \u0627\u0634\u062a\u0631\u0627\u06a9 \u0627\u06cc\u0646 \u067e\u0631\u0648\u0646\u062f\u0647 \u0628\u0627 \u0645\u0646\u0627\u0628\u0639 \u063a\u06cc\u0631\u0645\u0639\u062a\u0628\u0631. \u06cc\u06a9 \u0645\u0647\u0627\u062c\u0645 \u0645\u0645\u06a9\u0646 \u0627\u0633\u062a \u0627\u0632 \u062d\u0641\u0627\u0638\u062a \u0627\u0632 \u0631\u0645\u0632 \u0639\u0628\u0648\u0631 \u0639\u0628\u0648\u0631 \u06a9\u0646\u062f \u0648 \u0628\u062a\u0648\u0627\u0646\u062f \u06cc\u06a9 \u0641\u0627\u06cc\u0644 \u067e\u0631\u0648\u0698\u0647 \u0631\u0627 \u0645\u0634\u0627\u0647\u062f\u0647 \u0648 \u0627\u0635\u0644\u0627\u062d \u06a9\u0646\u062f.\n\n5\ufe0f\u20e3 \u0634\u0646\u0627\u0633\u0647 CVE: CVE-2021-22781CVSS v3.1 \u0627\u0645\u062a\u06cc\u0627\u0632 \u067e\u0627\u06cc\u0647 6.2 | \u0645\u062a\u0648\u0633\u0637   | : \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0627\u0639\u062a\u0628\u0627\u0631 \u06a9\u0627\u0641\u06cc \u0645\u062d\u0627\u0641\u0638\u062a \u0646\u0634\u062f\u0647 \u0648\u062c\u0648\u062f \u062f\u0627\u0631\u062f \u06a9\u0647 \u0645\u06cc \u062a\u0648\u0627\u0646\u062f \u0628\u0627\u0639\u062b \u0646\u0634\u062a \u0627\u0639\u062a\u0628\u0627\u0631 SMTP \u0645\u0648\u0631\u062f \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0628\u0631\u0627\u06cc \u0627\u062d\u0631\u0627\u0632 \u0647\u0648\u06cc\u062a \u0635\u0646\u062f\u0648\u0642 \u067e\u0633\u062a\u06cc \u0634\u0648\u062f \u0648\u0642\u062a\u06cc \u0645\u0647\u0627\u062c\u0645 \u0645\u06cc \u062a\u0648\u0627\u0646\u062f \u0628\u0647 \u06cc\u06a9 \u0641\u0627\u06cc\u0644 \u067e\u0631\u0648\u0698\u0647 \u062f\u0633\u062a\u0631\u0633\u06cc \u067e\u06cc\u062f\u0627 \u06a9\u0646\u062f.\n\n6\ufe0f\u20e3 \u0634\u0646\u0627\u0633\u0647 CVE: CVE-2021-22782CVSS v3.1 \u0627\u0645\u062a\u06cc\u0627\u0632 \u067e\u0627\u06cc\u0647 6.2 | \u0645\u062a\u0648\u0633\u0637   | : \u0631\u0645\u0632\u06af\u0630\u0627\u0631\u06cc \u0631\u0645\u0632\u0646\u06af\u0627\u0631\u06cc \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u062f\u0627\u062f\u0647 \u0647\u0627\u06cc \u062d\u0633\u0627\u0633 \u0648\u062c\u0648\u062f \u0646\u062f\u0627\u0631\u062f \u06a9\u0647 \u0645\u06cc \u062a\u0648\u0627\u0646\u062f \u0628\u0627\u0639\u062b \u0646\u0634\u062a \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u0634\u0648\u062f \u060c \u062f\u0631\u0635\u0648\u0631\u062a\u06cc \u06a9\u0647 \u0645\u0647\u0627\u062c\u0645 \u0645\u06cc \u062a\u0648\u0627\u0646\u062f \u0628\u0647 \u06cc\u06a9 \u067e\u0631\u0648\u0646\u062f\u0647 \u067e\u0631\u0648\u0698\u0647 \u062f\u0633\u062a\u0631\u0633\u06cc \u067e\u06cc\u062f\u0627 \u06a9\u0646\u062f \u060c \u0628\u0627\u0639\u062b \u0627\u0641\u0634\u0627\u06cc \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u0634\u0628\u06a9\u0647 \u060c \u067e\u0631\u062f\u0627\u0632\u0634 \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u060c \u0627\u0639\u062a\u0628\u0627\u0631\u0646\u0627\u0645\u0647 \u0647\u0627 \u06cc\u0627 \u062f\u0627\u0631\u0627\u06cc\u06cc \u0647\u0627\u06cc \u0645\u0639\u0646\u0648\u06cc \u0645\u06cc \u0634\u0648\u062f.\n\n\u2705 \u0645\u0633\u062a\u0646\u062f \u0634\u0631\u06a9\u062a \u0627\u0634\u0646\u0627\u06cc\u062f\u0631:\nhttps://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-01\n\n\ud83d\udc6e\u200d\u2640\ufe0f\ud83d\udc6e\u200d\u2640\ufe0f \u0628\u0627\u0632\u0646\u0634\u0631 \u0645\u0637\u0627\u0644\u0628 \u0627\u06cc\u0646 \u06a9\u0627\u0646\u0627\u0644 \u0635\u0631\u0641\u0627 \u0628\u0627 \u0630\u06a9\u0631 \u0645\u0646\u0628\u0639 \u0648 \u0622\u062f\u0631\u0633 \u06a9\u0627\u0645\u0644 \u06a9\u0627\u0646\u0627\u0644 \u0645\u062c\u0627\u0632 \u0645\u06cc\u0628\u0627\u0634\u062f.\n\n\ud83c\udfed\u0648\u0628\u0633\u0627\u06cc\u062a \u0648 \u06a9\u0627\u0646\u0627\u0644 \u062a\u062e\u0635\u0635\u06cc \u0627\u0645\u0646\u06cc\u062a \u0632\u06cc\u0631\u0633\u0627\u062e\u062a\u0647\u0627\u06cc \u0627\u062a\u0648\u0645\u0627\u0633\u06cc\u0648\u0646 \u0648 \u06a9\u0646\u062a\u0631\u0644 \u0635\u0646\u0639\u062a\u06cc\n\n\u0627\u062f\u0645\u06cc\u0646:\nhttps://t.me/pedram_kiani\n\u06a9\u0627\u0646\u0627\u0644 \u062a\u0644\u06af\u0631\u0627\u0645:\nhttps://t.me/ics_cert\n\u062a\u0648\u06cc\u06cc\u062a\u0631:\nhttps://twitter.com/icscerti", "creation_timestamp": "2021-07-15T11:07:30.000000Z"}, {"uuid": "f76963fc-dd07-4a44-a31b-d395c08502e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-22780", "type": "seen", "source": "https://t.me/ics_cert/462", "content": "\ud83d\udea8  \u0647\u0634\u062f\u0627\u0631 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc PLC \u0647\u0627\u06cc \u0627\u0634\u0646\u0627\u06cc\u062f\u0631 \u0627\u0644\u06a9\u062a\u0631\u06cc\u06a9 M340 \u0648 M580 :\n\u2623\ufe0f \u0645\u062d\u0635\u0648\u0644\u0627\u062a \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631:\n\u2022 EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro) \n\u2022 EcoStruxure Control Expert V15.0 SP1 \n\u2022 EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS) \n\u2022 SCADAPack RemoteConnect for x70 (all versions) \n\u2022 Modicon M580 CPU (all versions - part numbers BMEP* and BMEH*) \u2022 Modicon M340 CPU (all versions - part numbers BMXP34*)\n\n\ud83d\udd34 \u0644\u06cc\u0633\u062a \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc\u0647\u0627\u06cc \u06a9\u0634\u0641 \u0634\u062f\u0647:\n\n1\ufe0f\u20e3 \u0634\u0646\u0627\u0633\u0647 CVE: CVE-2021-22778CVSS v3.1 \u0627\u0645\u062a\u06cc\u0627\u0632 \u067e\u0627\u06cc\u0647 8.6 | \u0628\u0627\u0644\u0627 | : \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0627\u0639\u062a\u0628\u0627\u0631\u0627\u062a \u06a9\u0627\u0641\u06cc \u0645\u062d\u0627\u0641\u0638\u062a \u0646\u0634\u062f\u0647 \u0648\u062c\u0648\u062f \u062f\u0627\u0631\u062f \u06a9\u0647 \u0645\u06cc \u062a\u0648\u0627\u0646\u062f \u0628\u0627\u0639\u062b \u0634\u0648\u062f \u0628\u0644\u0648\u06a9 \u0647\u0627\u06cc \u0639\u0645\u0644\u06a9\u0631\u062f \u0645\u062d\u0627\u0641\u0638\u062a \u0634\u062f\u0647 \u062a\u0648\u0633\u0637 \u06a9\u0627\u0631\u0628\u0631\u0627\u0646 \u063a\u06cc\u0631 \u0645\u062c\u0627\u0632 \u0647\u0646\u06af\u0627\u0645 \u062f\u0633\u062a\u0631\u0633\u06cc \u0628\u0647 \u067e\u0631\u0648\u0646\u062f\u0647 \u067e\u0631\u0648\u0698\u0647 \u062e\u0648\u0627\u0646\u062f\u0647 \u06cc\u0627 \u0627\u0635\u0644\u0627\u062d \u0634\u0648\u0646\u062f.\n\n2\ufe0f\u20e3  \u0634\u0646\u0627\u0633\u0647 CVE: CVE-2021-22779CVSS v3.1 \u0627\u0645\u062a\u06cc\u0627\u0632 \u067e\u0627\u06cc\u0647 9.8 | \u062d\u06cc\u0627\u062a\u06cc | : \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0627\u062d\u0631\u0627\u0632 \u0647\u0648\u06cc\u062a \u062a\u0648\u0633\u0637 Spoofing \u0648\u062c\u0648\u062f \u062f\u0627\u0631\u062f \u06a9\u0647 \u0645\u06cc \u062a\u0648\u0627\u0646\u062f \u0628\u0627 \u062c\u0639\u0644 \u0627\u0631\u062a\u0628\u0627\u0637 Modbus \u0628\u06cc\u0646 \u0646\u0631\u0645 \u0627\u0641\u0632\u0627\u0631 \u0645\u0647\u0646\u062f\u0633\u06cc \u0648 \u06a9\u0646\u062a\u0631\u0644 \u06a9\u0646\u0646\u062f\u0647 \u060c \u0628\u0647 \u062f\u0633\u062a\u0631\u0633\u06cc \u063a\u06cc\u0631\u0645\u062c\u0627\u0632 \u062f\u0631 \u062d\u0627\u0644\u062a \u062e\u0648\u0627\u0646\u062f\u0646 \u0648 \u0646\u0648\u0634\u062a\u0646 \u0628\u0647 \u06a9\u0646\u062a\u0631\u0644 \u06a9\u0646\u0646\u062f\u0647 \u0645\u0646\u062c\u0631 \u0634\u0648\u062f. !!!\n\n3\ufe0f\u20e3 \u0634\u0646\u0627\u0633\u0647 CVE: CVE-2020-12525CVSS v3.1 \u0627\u0645\u062a\u06cc\u0627\u0632 \u067e\u0627\u06cc\u0647 7.3 | \u0628\u0627\u0644\u0627 |:\nHM&amp;M \u0646\u0631\u0645 \u0627\u0641\u0632\u0627\u0631 fdtCONTAINER \u06a9\u0627\u0645\u067e\u0648\u0646\u0646\u062a \u062f\u0631 \u0646\u0633\u062e\u0647 \u0647\u0627\u06cc 3.5.20304.x \u0648 \u0628\u06cc\u0646 3.6 \u062a\u0627 3.6.20304.x \u062f\u0631 \u0628\u0631\u0627\u0628\u0631 \u0645\u062d\u0631\u0648\u0645\u06cc\u062a \u0632\u062f\u0627\u06cc\u06cc \u0627\u0632 \u062f\u0627\u062f\u0647 \u0647\u0627\u06cc \u063a\u06cc\u0631\u0642\u0627\u0628\u0644 \u0627\u0639\u062a\u0645\u0627\u062f \u062f\u0631 \u0630\u062e\u06cc\u0631\u0647 \u0633\u0627\u0632\u06cc \u067e\u0631\u0648\u0698\u0647 \u062e\u0648\u062f \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631 \u0627\u0633\u062a. \u062a\u0648\u062c\u0647: \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0645\u06cc \u062a\u0648\u0627\u0646\u062f \u0628\u0627\u0639\u062b \u0627\u062c\u0631\u0627\u06cc \u06a9\u062f \u0645\u062d\u0644\u06cc \u062f\u0631 \u0627\u06cc\u0633\u062a\u06af\u0627\u0647 \u06a9\u0627\u0631\u06cc \u0645\u0647\u0646\u062f\u0633\u06cc \u062f\u0631 \u0647\u0646\u06af\u0627\u0645 \u067e\u0631\u0648\u0698\u0647 \u0645\u062e\u0631\u0628 \u0634\u0648\u062f \u067e\u0631\u0648\u0646\u062f\u0647 \u062f\u0631 \u0646\u0631\u0645 \u0627\u0641\u0632\u0627\u0631 \u0645\u0647\u0646\u062f\u0633\u06cc \u0628\u0627\u0631\u06af\u06cc\u0631\u06cc \u0645\u06cc \u0634\u0648\u062f.\n\n4\ufe0f\u20e3 \u0634\u0646\u0627\u0633\u0647 CVE: CVE-2021-22780CVSS v3.1 \u0627\u0645\u062a\u06cc\u0627\u0632 \u067e\u0627\u06cc\u0647 7.1 | \u0628\u0627\u0644\u0627 | : \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0627\u0639\u062a\u0628\u0627\u0631 \u06a9\u0627\u0641\u06cc \u0645\u062d\u0627\u0641\u0638\u062a \u0646\u0634\u062f\u0647 \u0648\u062c\u0648\u062f \u062f\u0627\u0631\u062f \u06a9\u0647 \u0645\u06cc \u062a\u0648\u0627\u0646\u062f \u0628\u0627\u0639\u062b \u062f\u0633\u062a\u0631\u0633\u06cc \u063a\u06cc\u0631\u0645\u062c\u0627\u0632 \u0628\u0647 \u067e\u0631\u0648\u0646\u062f\u0647 \u067e\u0631\u0648\u0698\u0647 \u0645\u062d\u0627\u0641\u0638\u062a \u0634\u062f\u0647 \u0628\u0627 \u06af\u0630\u0631\u0648\u0627\u0698\u0647 \u0634\u0648\u062f \u060c \u062f\u0631\u0635\u0648\u0631\u062a \u0627\u0634\u062a\u0631\u0627\u06a9 \u0627\u06cc\u0646 \u067e\u0631\u0648\u0646\u062f\u0647 \u0628\u0627 \u0645\u0646\u0627\u0628\u0639 \u063a\u06cc\u0631\u0645\u0639\u062a\u0628\u0631. \u06cc\u06a9 \u0645\u0647\u0627\u062c\u0645 \u0645\u0645\u06a9\u0646 \u0627\u0633\u062a \u0627\u0632 \u062d\u0641\u0627\u0638\u062a \u0627\u0632 \u0631\u0645\u0632 \u0639\u0628\u0648\u0631 \u0639\u0628\u0648\u0631 \u06a9\u0646\u062f \u0648 \u0628\u062a\u0648\u0627\u0646\u062f \u06cc\u06a9 \u0641\u0627\u06cc\u0644 \u067e\u0631\u0648\u0698\u0647 \u0631\u0627 \u0645\u0634\u0627\u0647\u062f\u0647 \u0648 \u0627\u0635\u0644\u0627\u062d \u06a9\u0646\u062f.\n\n5\ufe0f\u20e3 \u0634\u0646\u0627\u0633\u0647 CVE: CVE-2021-22781CVSS v3.1 \u0627\u0645\u062a\u06cc\u0627\u0632 \u067e\u0627\u06cc\u0647 6.2 | \u0645\u062a\u0648\u0633\u0637   | : \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0627\u0639\u062a\u0628\u0627\u0631 \u06a9\u0627\u0641\u06cc \u0645\u062d\u0627\u0641\u0638\u062a \u0646\u0634\u062f\u0647 \u0648\u062c\u0648\u062f \u062f\u0627\u0631\u062f \u06a9\u0647 \u0645\u06cc \u062a\u0648\u0627\u0646\u062f \u0628\u0627\u0639\u062b \u0646\u0634\u062a \u0627\u0639\u062a\u0628\u0627\u0631 SMTP \u0645\u0648\u0631\u062f \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0628\u0631\u0627\u06cc \u0627\u062d\u0631\u0627\u0632 \u0647\u0648\u06cc\u062a \u0635\u0646\u062f\u0648\u0642 \u067e\u0633\u062a\u06cc \u0634\u0648\u062f \u0648\u0642\u062a\u06cc \u0645\u0647\u0627\u062c\u0645 \u0645\u06cc \u062a\u0648\u0627\u0646\u062f \u0628\u0647 \u06cc\u06a9 \u0641\u0627\u06cc\u0644 \u067e\u0631\u0648\u0698\u0647 \u062f\u0633\u062a\u0631\u0633\u06cc \u067e\u06cc\u062f\u0627 \u06a9\u0646\u062f.\n\n6\ufe0f\u20e3 \u0634\u0646\u0627\u0633\u0647 CVE: CVE-2021-22782CVSS v3.1 \u0627\u0645\u062a\u06cc\u0627\u0632 \u067e\u0627\u06cc\u0647 6.2 | \u0645\u062a\u0648\u0633\u0637   | : \u0631\u0645\u0632\u06af\u0630\u0627\u0631\u06cc \u0631\u0645\u0632\u0646\u06af\u0627\u0631\u06cc \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u062f\u0627\u062f\u0647 \u0647\u0627\u06cc \u062d\u0633\u0627\u0633 \u0648\u062c\u0648\u062f \u0646\u062f\u0627\u0631\u062f \u06a9\u0647 \u0645\u06cc \u062a\u0648\u0627\u0646\u062f \u0628\u0627\u0639\u062b \u0646\u0634\u062a \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u0634\u0648\u062f \u060c \u062f\u0631\u0635\u0648\u0631\u062a\u06cc \u06a9\u0647 \u0645\u0647\u0627\u062c\u0645 \u0645\u06cc \u062a\u0648\u0627\u0646\u062f \u0628\u0647 \u06cc\u06a9 \u067e\u0631\u0648\u0646\u062f\u0647 \u067e\u0631\u0648\u0698\u0647 \u062f\u0633\u062a\u0631\u0633\u06cc \u067e\u06cc\u062f\u0627 \u06a9\u0646\u062f \u060c \u0628\u0627\u0639\u062b \u0627\u0641\u0634\u0627\u06cc \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u0634\u0628\u06a9\u0647 \u060c \u067e\u0631\u062f\u0627\u0632\u0634 \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u060c \u0627\u0639\u062a\u0628\u0627\u0631\u0646\u0627\u0645\u0647 \u0647\u0627 \u06cc\u0627 \u062f\u0627\u0631\u0627\u06cc\u06cc \u0647\u0627\u06cc \u0645\u0639\u0646\u0648\u06cc \u0645\u06cc \u0634\u0648\u062f.\n\n\u2705 \u0645\u0633\u062a\u0646\u062f \u0634\u0631\u06a9\u062a \u0627\u0634\u0646\u0627\u06cc\u062f\u0631:\nhttps://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-01\n\n\ud83d\udc6e\u200d\u2640\ufe0f\ud83d\udc6e\u200d\u2640\ufe0f \u0628\u0627\u0632\u0646\u0634\u0631 \u0645\u0637\u0627\u0644\u0628 \u0627\u06cc\u0646 \u06a9\u0627\u0646\u0627\u0644 \u0635\u0631\u0641\u0627 \u0628\u0627 \u0630\u06a9\u0631 \u0645\u0646\u0628\u0639 \u0648 \u0622\u062f\u0631\u0633 \u06a9\u0627\u0645\u0644 \u06a9\u0627\u0646\u0627\u0644 \u0645\u062c\u0627\u0632 \u0645\u06cc\u0628\u0627\u0634\u062f.\n\n\ud83c\udfed\u0648\u0628\u0633\u0627\u06cc\u062a \u0648 \u06a9\u0627\u0646\u0627\u0644 \u062a\u062e\u0635\u0635\u06cc \u0627\u0645\u0646\u06cc\u062a \u0632\u06cc\u0631\u0633\u0627\u062e\u062a\u0647\u0627\u06cc \u0627\u062a\u0648\u0645\u0627\u0633\u06cc\u0648\u0646 \u0648 \u06a9\u0646\u062a\u0631\u0644 \u0635\u0646\u0639\u062a\u06cc\n\n\u0627\u062f\u0645\u06cc\u0646:\nhttps://t.me/pedram_kiani\n\u06a9\u0627\u0646\u0627\u0644 \u062a\u0644\u06af\u0631\u0627\u0645:\nhttps://t.me/ics_cert\n\u062a\u0648\u06cc\u06cc\u062a\u0631:\nhttps://twitter.com/icscerti", "creation_timestamp": "2021-07-15T11:07:30.000000Z"}, {"uuid": "d7fdc14f-f6ce-4eed-ac4b-e07b39defac0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-22782", "type": "seen", "source": "https://t.me/ics_cert/462", "content": "\ud83d\udea8  \u0647\u0634\u062f\u0627\u0631 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc PLC \u0647\u0627\u06cc \u0627\u0634\u0646\u0627\u06cc\u062f\u0631 \u0627\u0644\u06a9\u062a\u0631\u06cc\u06a9 M340 \u0648 M580 :\n\u2623\ufe0f \u0645\u062d\u0635\u0648\u0644\u0627\u062a \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631:\n\u2022 EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro) \n\u2022 EcoStruxure Control Expert V15.0 SP1 \n\u2022 EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS) \n\u2022 SCADAPack RemoteConnect for x70 (all versions) \n\u2022 Modicon M580 CPU (all versions - part numbers BMEP* and BMEH*) \u2022 Modicon M340 CPU (all versions - part numbers BMXP34*)\n\n\ud83d\udd34 \u0644\u06cc\u0633\u062a \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc\u0647\u0627\u06cc \u06a9\u0634\u0641 \u0634\u062f\u0647:\n\n1\ufe0f\u20e3 \u0634\u0646\u0627\u0633\u0647 CVE: CVE-2021-22778CVSS v3.1 \u0627\u0645\u062a\u06cc\u0627\u0632 \u067e\u0627\u06cc\u0647 8.6 | \u0628\u0627\u0644\u0627 | : \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0627\u0639\u062a\u0628\u0627\u0631\u0627\u062a \u06a9\u0627\u0641\u06cc \u0645\u062d\u0627\u0641\u0638\u062a \u0646\u0634\u062f\u0647 \u0648\u062c\u0648\u062f \u062f\u0627\u0631\u062f \u06a9\u0647 \u0645\u06cc \u062a\u0648\u0627\u0646\u062f \u0628\u0627\u0639\u062b \u0634\u0648\u062f \u0628\u0644\u0648\u06a9 \u0647\u0627\u06cc \u0639\u0645\u0644\u06a9\u0631\u062f \u0645\u062d\u0627\u0641\u0638\u062a \u0634\u062f\u0647 \u062a\u0648\u0633\u0637 \u06a9\u0627\u0631\u0628\u0631\u0627\u0646 \u063a\u06cc\u0631 \u0645\u062c\u0627\u0632 \u0647\u0646\u06af\u0627\u0645 \u062f\u0633\u062a\u0631\u0633\u06cc \u0628\u0647 \u067e\u0631\u0648\u0646\u062f\u0647 \u067e\u0631\u0648\u0698\u0647 \u062e\u0648\u0627\u0646\u062f\u0647 \u06cc\u0627 \u0627\u0635\u0644\u0627\u062d \u0634\u0648\u0646\u062f.\n\n2\ufe0f\u20e3  \u0634\u0646\u0627\u0633\u0647 CVE: CVE-2021-22779CVSS v3.1 \u0627\u0645\u062a\u06cc\u0627\u0632 \u067e\u0627\u06cc\u0647 9.8 | \u062d\u06cc\u0627\u062a\u06cc | : \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0627\u062d\u0631\u0627\u0632 \u0647\u0648\u06cc\u062a \u062a\u0648\u0633\u0637 Spoofing \u0648\u062c\u0648\u062f \u062f\u0627\u0631\u062f \u06a9\u0647 \u0645\u06cc \u062a\u0648\u0627\u0646\u062f \u0628\u0627 \u062c\u0639\u0644 \u0627\u0631\u062a\u0628\u0627\u0637 Modbus \u0628\u06cc\u0646 \u0646\u0631\u0645 \u0627\u0641\u0632\u0627\u0631 \u0645\u0647\u0646\u062f\u0633\u06cc \u0648 \u06a9\u0646\u062a\u0631\u0644 \u06a9\u0646\u0646\u062f\u0647 \u060c \u0628\u0647 \u062f\u0633\u062a\u0631\u0633\u06cc \u063a\u06cc\u0631\u0645\u062c\u0627\u0632 \u062f\u0631 \u062d\u0627\u0644\u062a \u062e\u0648\u0627\u0646\u062f\u0646 \u0648 \u0646\u0648\u0634\u062a\u0646 \u0628\u0647 \u06a9\u0646\u062a\u0631\u0644 \u06a9\u0646\u0646\u062f\u0647 \u0645\u0646\u062c\u0631 \u0634\u0648\u062f. !!!\n\n3\ufe0f\u20e3 \u0634\u0646\u0627\u0633\u0647 CVE: CVE-2020-12525CVSS v3.1 \u0627\u0645\u062a\u06cc\u0627\u0632 \u067e\u0627\u06cc\u0647 7.3 | \u0628\u0627\u0644\u0627 |:\nHM&amp;M \u0646\u0631\u0645 \u0627\u0641\u0632\u0627\u0631 fdtCONTAINER \u06a9\u0627\u0645\u067e\u0648\u0646\u0646\u062a \u062f\u0631 \u0646\u0633\u062e\u0647 \u0647\u0627\u06cc 3.5.20304.x \u0648 \u0628\u06cc\u0646 3.6 \u062a\u0627 3.6.20304.x \u062f\u0631 \u0628\u0631\u0627\u0628\u0631 \u0645\u062d\u0631\u0648\u0645\u06cc\u062a \u0632\u062f\u0627\u06cc\u06cc \u0627\u0632 \u062f\u0627\u062f\u0647 \u0647\u0627\u06cc \u063a\u06cc\u0631\u0642\u0627\u0628\u0644 \u0627\u0639\u062a\u0645\u0627\u062f \u062f\u0631 \u0630\u062e\u06cc\u0631\u0647 \u0633\u0627\u0632\u06cc \u067e\u0631\u0648\u0698\u0647 \u062e\u0648\u062f \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631 \u0627\u0633\u062a. \u062a\u0648\u062c\u0647: \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0645\u06cc \u062a\u0648\u0627\u0646\u062f \u0628\u0627\u0639\u062b \u0627\u062c\u0631\u0627\u06cc \u06a9\u062f \u0645\u062d\u0644\u06cc \u062f\u0631 \u0627\u06cc\u0633\u062a\u06af\u0627\u0647 \u06a9\u0627\u0631\u06cc \u0645\u0647\u0646\u062f\u0633\u06cc \u062f\u0631 \u0647\u0646\u06af\u0627\u0645 \u067e\u0631\u0648\u0698\u0647 \u0645\u062e\u0631\u0628 \u0634\u0648\u062f \u067e\u0631\u0648\u0646\u062f\u0647 \u062f\u0631 \u0646\u0631\u0645 \u0627\u0641\u0632\u0627\u0631 \u0645\u0647\u0646\u062f\u0633\u06cc \u0628\u0627\u0631\u06af\u06cc\u0631\u06cc \u0645\u06cc \u0634\u0648\u062f.\n\n4\ufe0f\u20e3 \u0634\u0646\u0627\u0633\u0647 CVE: CVE-2021-22780CVSS v3.1 \u0627\u0645\u062a\u06cc\u0627\u0632 \u067e\u0627\u06cc\u0647 7.1 | \u0628\u0627\u0644\u0627 | : \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0627\u0639\u062a\u0628\u0627\u0631 \u06a9\u0627\u0641\u06cc \u0645\u062d\u0627\u0641\u0638\u062a \u0646\u0634\u062f\u0647 \u0648\u062c\u0648\u062f \u062f\u0627\u0631\u062f \u06a9\u0647 \u0645\u06cc \u062a\u0648\u0627\u0646\u062f \u0628\u0627\u0639\u062b \u062f\u0633\u062a\u0631\u0633\u06cc \u063a\u06cc\u0631\u0645\u062c\u0627\u0632 \u0628\u0647 \u067e\u0631\u0648\u0646\u062f\u0647 \u067e\u0631\u0648\u0698\u0647 \u0645\u062d\u0627\u0641\u0638\u062a \u0634\u062f\u0647 \u0628\u0627 \u06af\u0630\u0631\u0648\u0627\u0698\u0647 \u0634\u0648\u062f \u060c \u062f\u0631\u0635\u0648\u0631\u062a \u0627\u0634\u062a\u0631\u0627\u06a9 \u0627\u06cc\u0646 \u067e\u0631\u0648\u0646\u062f\u0647 \u0628\u0627 \u0645\u0646\u0627\u0628\u0639 \u063a\u06cc\u0631\u0645\u0639\u062a\u0628\u0631. \u06cc\u06a9 \u0645\u0647\u0627\u062c\u0645 \u0645\u0645\u06a9\u0646 \u0627\u0633\u062a \u0627\u0632 \u062d\u0641\u0627\u0638\u062a \u0627\u0632 \u0631\u0645\u0632 \u0639\u0628\u0648\u0631 \u0639\u0628\u0648\u0631 \u06a9\u0646\u062f \u0648 \u0628\u062a\u0648\u0627\u0646\u062f \u06cc\u06a9 \u0641\u0627\u06cc\u0644 \u067e\u0631\u0648\u0698\u0647 \u0631\u0627 \u0645\u0634\u0627\u0647\u062f\u0647 \u0648 \u0627\u0635\u0644\u0627\u062d \u06a9\u0646\u062f.\n\n5\ufe0f\u20e3 \u0634\u0646\u0627\u0633\u0647 CVE: CVE-2021-22781CVSS v3.1 \u0627\u0645\u062a\u06cc\u0627\u0632 \u067e\u0627\u06cc\u0647 6.2 | \u0645\u062a\u0648\u0633\u0637   | : \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0627\u0639\u062a\u0628\u0627\u0631 \u06a9\u0627\u0641\u06cc \u0645\u062d\u0627\u0641\u0638\u062a \u0646\u0634\u062f\u0647 \u0648\u062c\u0648\u062f \u062f\u0627\u0631\u062f \u06a9\u0647 \u0645\u06cc \u062a\u0648\u0627\u0646\u062f \u0628\u0627\u0639\u062b \u0646\u0634\u062a \u0627\u0639\u062a\u0628\u0627\u0631 SMTP \u0645\u0648\u0631\u062f \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0628\u0631\u0627\u06cc \u0627\u062d\u0631\u0627\u0632 \u0647\u0648\u06cc\u062a \u0635\u0646\u062f\u0648\u0642 \u067e\u0633\u062a\u06cc \u0634\u0648\u062f \u0648\u0642\u062a\u06cc \u0645\u0647\u0627\u062c\u0645 \u0645\u06cc \u062a\u0648\u0627\u0646\u062f \u0628\u0647 \u06cc\u06a9 \u0641\u0627\u06cc\u0644 \u067e\u0631\u0648\u0698\u0647 \u062f\u0633\u062a\u0631\u0633\u06cc \u067e\u06cc\u062f\u0627 \u06a9\u0646\u062f.\n\n6\ufe0f\u20e3 \u0634\u0646\u0627\u0633\u0647 CVE: CVE-2021-22782CVSS v3.1 \u0627\u0645\u062a\u06cc\u0627\u0632 \u067e\u0627\u06cc\u0647 6.2 | \u0645\u062a\u0648\u0633\u0637   | : \u0631\u0645\u0632\u06af\u0630\u0627\u0631\u06cc \u0631\u0645\u0632\u0646\u06af\u0627\u0631\u06cc \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u062f\u0627\u062f\u0647 \u0647\u0627\u06cc \u062d\u0633\u0627\u0633 \u0648\u062c\u0648\u062f \u0646\u062f\u0627\u0631\u062f \u06a9\u0647 \u0645\u06cc \u062a\u0648\u0627\u0646\u062f \u0628\u0627\u0639\u062b \u0646\u0634\u062a \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u0634\u0648\u062f \u060c \u062f\u0631\u0635\u0648\u0631\u062a\u06cc \u06a9\u0647 \u0645\u0647\u0627\u062c\u0645 \u0645\u06cc \u062a\u0648\u0627\u0646\u062f \u0628\u0647 \u06cc\u06a9 \u067e\u0631\u0648\u0646\u062f\u0647 \u067e\u0631\u0648\u0698\u0647 \u062f\u0633\u062a\u0631\u0633\u06cc \u067e\u06cc\u062f\u0627 \u06a9\u0646\u062f \u060c \u0628\u0627\u0639\u062b \u0627\u0641\u0634\u0627\u06cc \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u0634\u0628\u06a9\u0647 \u060c \u067e\u0631\u062f\u0627\u0632\u0634 \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u060c \u0627\u0639\u062a\u0628\u0627\u0631\u0646\u0627\u0645\u0647 \u0647\u0627 \u06cc\u0627 \u062f\u0627\u0631\u0627\u06cc\u06cc \u0647\u0627\u06cc \u0645\u0639\u0646\u0648\u06cc \u0645\u06cc \u0634\u0648\u062f.\n\n\u2705 \u0645\u0633\u062a\u0646\u062f \u0634\u0631\u06a9\u062a \u0627\u0634\u0646\u0627\u06cc\u062f\u0631:\nhttps://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-01\n\n\ud83d\udc6e\u200d\u2640\ufe0f\ud83d\udc6e\u200d\u2640\ufe0f \u0628\u0627\u0632\u0646\u0634\u0631 \u0645\u0637\u0627\u0644\u0628 \u0627\u06cc\u0646 \u06a9\u0627\u0646\u0627\u0644 \u0635\u0631\u0641\u0627 \u0628\u0627 \u0630\u06a9\u0631 \u0645\u0646\u0628\u0639 \u0648 \u0622\u062f\u0631\u0633 \u06a9\u0627\u0645\u0644 \u06a9\u0627\u0646\u0627\u0644 \u0645\u062c\u0627\u0632 \u0645\u06cc\u0628\u0627\u0634\u062f.\n\n\ud83c\udfed\u0648\u0628\u0633\u0627\u06cc\u062a \u0648 \u06a9\u0627\u0646\u0627\u0644 \u062a\u062e\u0635\u0635\u06cc \u0627\u0645\u0646\u06cc\u062a \u0632\u06cc\u0631\u0633\u0627\u062e\u062a\u0647\u0627\u06cc \u0627\u062a\u0648\u0645\u0627\u0633\u06cc\u0648\u0646 \u0648 \u06a9\u0646\u062a\u0631\u0644 \u0635\u0646\u0639\u062a\u06cc\n\n\u0627\u062f\u0645\u06cc\u0646:\nhttps://t.me/pedram_kiani\n\u06a9\u0627\u0646\u0627\u0644 \u062a\u0644\u06af\u0631\u0627\u0645:\nhttps://t.me/ics_cert\n\u062a\u0648\u06cc\u06cc\u062a\u0631:\nhttps://twitter.com/icscerti", "creation_timestamp": "2021-07-15T11:07:30.000000Z"}, {"uuid": "9adafa7d-dd18-493c-910d-3c94011615b5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-22786", "type": "seen", "source": "https://t.me/cibsecurity/57242", "content": "\u203c CVE-2021-22786 \u203c\n\nA CWE-200: Information Exposure vulnerability exists that could cause the exposure of sensitive information stored on the memory of the controller when communicating over the Modbus TCP protocol. Affected Products: Modicon M340 CPU (part numbers BMXP34*) (Versions prior to V3.30), Modicon M580 CPU (part numbers BMEP* and BMEH*) (Versions prior to SV3.20), Modicon MC80 (BMKC80) (Versions prior to V1.6), Modicon M580 CPU Safety (part numbers BMEP58*S and BMEH58*S) (All Versions), Modicon Momentum MDI (171CBU*) (Versions prior to V2.3), Legacy Modicon Quantum (All Versions)\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-01T07:13:54.000000Z"}, {"uuid": "aa7ab88b-1c21-49da-a8b0-38bf995aa319", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-22785", "type": "seen", "source": "https://t.me/cibsecurity/37312", "content": "\u203c CVE-2021-22785 \u203c\n\nA CWE-200: Information Exposure vulnerability exists that could cause sensitive information of files located in the web root directory to leak when an attacker sends a HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions)\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-11T20:28:56.000000Z"}, {"uuid": "4c8926ea-e9b9-4d93-9db2-9d63eee81110", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-22787", "type": "seen", "source": "https://t.me/cibsecurity/37318", "content": "\u203c CVE-2021-22787 \u203c\n\nA CWE-20: Improper Input Validation vulnerability exists that could cause denial of service of the device when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions)\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-11T20:29:03.000000Z"}, {"uuid": "1560f322-1eba-4014-8938-35430b0c848c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-22789", "type": "seen", "source": "https://t.me/cibsecurity/28240", "content": "\u203c CVE-2021-22789 \u203c\n\nA CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxure\u00c2\u00aa Control Expert, including all Unity Pro versions (former name of EcoStruxure\u00c2\u00aa Control Expert, all versions), PLC Simulator for EcoStruxure\u00c2\u00aa Process Expert including all HDCS versions (former name of EcoStruxure\u00c2\u00aa Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-02T20:37:30.000000Z"}, {"uuid": "84aa74af-8279-4bb3-b7f9-5560e315bd49", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-22781", "type": "seen", "source": "https://t.me/cibsecurity/26148", "content": "\u203c CVE-2021-22781 \u203c\n\nInsufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions, that could cause a leak of SMTP credential used for mailbox authentication when an attacker can access a project file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-07-14T18:25:31.000000Z"}]}