{"vulnerability": "CVE-2021-3839", "sightings": [{"uuid": "d7905418-8c01-4a55-a519-bec47c0cc155", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38397", "type": "seen", "source": "https://t.me/cibsecurity/52195", "content": "\u203c CVE-2021-38397 \u203c\n\nHoneywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to unrestricted file uploads, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-28T07:29:04.000000Z"}, {"uuid": "e8a9bfb0-6bd8-4ee1-8299-ed00922a3b77", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38397", "type": "seen", "source": "https://t.me/true_secator/2185", "content": "\u0412 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440\u0430\u0445 Honeywell Experion PKS \u0438 ACE \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u044b \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u0438 \u043f\u043e \u044d\u0442\u043e\u043c\u0443 \u043f\u043e\u0432\u043e\u0434\u0443 \u043e\u0431\u0435\u0441\u043f\u043e\u043a\u043e\u0435\u043d\u0430 \u0434\u0430\u0436\u0435 CISA. \u041d\u0430\u0441\u0442\u043e\u043b\u044c\u043a\u043e, \u0447\u0442\u043e \u0432\u043e \u0432\u0442\u043e\u0440\u043d\u0438\u043a \u0430\u0433\u0435\u043d\u0442\u0441\u0442\u0432\u043e \u0434\u0430\u0436\u0435 \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u043e \u043d\u0430 \u044d\u0442\u043e\u0442 \u0441\u0447\u0435\u0442 \u043e\u0442\u0434\u0435\u043b\u044c\u043d\u044b\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u0438 \u043e\u0437\u0432\u0443\u0447\u0438\u043b\u043e \u043e\u043f\u0430\u0441\u0435\u043d\u0438\u044f.\n \n\u0418 \u043d\u0435 \u0443\u0434\u0438\u0432\u0438\u0442\u0435\u043b\u044c\u043d\u043e, \u0432\u0435\u0434\u044c Experion (PKS) - \u044d\u0442\u043e \u0440\u0430\u0441\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f (DCS), \u043f\u0440\u0435\u0434\u043d\u0430\u0437\u043d\u0430\u0447\u0435\u043d\u043d\u0430\u044f \u0434\u043b\u044f \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043a\u0440\u0443\u043f\u043d\u044b\u043c\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u043c\u0438 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0430\u043c\u0438, \u043e\u0445\u0432\u0430\u0442\u044b\u0432\u0430\u044e\u0449\u0438\u043c\u0438 \u043c\u043d\u043e\u0436\u0435\u0441\u0442\u0432\u043e \u0441\u0435\u043a\u0442\u043e\u0440\u043e\u0432, \u043e\u0442 \u043d\u0435\u0444\u0442\u0435\u0445\u0438\u043c\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u0437\u0430\u0432\u043e\u0434\u043e\u0432 \u0434\u043e \u0430\u0442\u043e\u043c\u043d\u044b\u0445 \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u0441\u0442\u0430\u043d\u0446\u0438\u0439, \u0433\u0434\u0435 \u0432\u0430\u0436\u043d\u044b \u0432\u044b\u0441\u043e\u043a\u0430\u044f \u043d\u0430\u0434\u0435\u0436\u043d\u043e\u0441\u0442\u044c \u0438 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u044c.\n \n\u041e\u0448\u0438\u0431\u043a\u0438 \u0431\u044b\u043b\u0438 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u044b \u0433\u0443\u0440\u0443 \u043f\u0440\u043e\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u043e\u0439 \u043a\u0438\u0431\u0435\u0440\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 Claroty, \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044e\u0442 \u0432\u0441\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440\u043e\u0432 Honeywell Experion Process Knowledge System C200, C200E, C300 \u0438 ACE.\n \n\u0412 \u0446\u0435\u043b\u043e\u043c, \u043a\u0430\u0440\u0442\u0438\u043d\u0430 \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0430\u044f:\n\u2043            CVE-2021-38397 (\u043e\u0446\u0435\u043d\u043a\u0430 \u043f\u043e CVSS: 10,0!!!) - \u043d\u0435\u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u043d\u0430\u044f \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0430 \u0444\u0430\u0439\u043b\u0430 \u0441 \u043e\u043f\u0430\u0441\u043d\u044b\u043c \u0442\u0438\u043f\u043e\u043c.\n\u2043            CVE-2021-38395 (\u043e\u0446\u0435\u043d\u043a\u0430 \u043f\u043e CVSS: 9,1) - \u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u0430\u044f \u043d\u0435\u0439\u0442\u0440\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u044f \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u044d\u043b\u0435\u043c\u0435\u043d\u0442\u043e\u0432 \u0432 \u0432\u044b\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0445 \u043d\u0438\u0436\u0435\u0441\u0442\u043e\u044f\u0449\u0438\u043c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u043e\u043c.\n\u2043            CVE-2021-38399 (\u043e\u0446\u0435\u043d\u043a\u0430 \u043f\u043e CVSS: 7,5) - \u043e\u0442\u043d\u043e\u0441\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0439 \u043e\u0431\u0445\u043e\u0434 \u043f\u0443\u0442\u0438.\n \n\u041f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u0441\u0432\u044f\u0437\u0430\u043d\u044b \u0441 \u043f\u0440\u043e\u0446\u0435\u0434\u0443\u0440\u043e\u0439 \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0438 \u043a\u043e\u0434\u0430, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u0430 \u0434\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u043b\u043e\u0433\u0438\u043a\u0438, \u0440\u0430\u0431\u043e\u0442\u0430\u044e\u0449\u0435\u0439 \u0432 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440\u0435, \u0447\u0442\u043e \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0438\u043c\u0438\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u043f\u0440\u043e\u0446\u0435\u0441\u0441 \u0438 \u0437\u0430\u0433\u0440\u0443\u0436\u0430\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u0434\u0432\u043e\u0438\u0447\u043d\u044b\u0435 \u0444\u0430\u0439\u043b\u044b CLL.\n \n\u0421\u043e\u0433\u043b\u0430\u0441\u043d\u043e \u0435\u0449\u0435 \u0444\u0435\u0432\u0440\u0430\u043b\u044c\u0441\u043a\u043e\u043c\u0443 \u043e\u0442\u0447\u0435\u0442\u0443 Honeywell, \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0430 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u043e\u0432 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f (CCL) \u043c\u043e\u0433\u043b\u0430 \u0438\u0437\u043c\u0435\u043d\u044f\u0442\u044c\u0441\u044f \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u043e\u043c \u0438 \u0437\u0430\u0433\u0440\u0443\u0436\u0430\u0442\u044c\u0441\u044f \u0432 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440. \u0412 \u0442\u0430\u043a\u043e\u043c \u0441\u043b\u0443\u0447\u0430\u0435 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u043e \u0437\u0430\u0433\u0440\u0443\u0436\u0430\u0435\u0442 \u0438\u0441\u043f\u043e\u043b\u043d\u044f\u0435\u043c\u044b\u0435 \u0444\u0430\u0439\u043b\u044b \u0431\u0435\u0437 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0438\u043b\u0438 \u0434\u0435\u0437\u0438\u043d\u0444\u0435\u043a\u0446\u0438\u0438, \u0434\u0430\u0432\u0430\u044f \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u0437\u0430\u0433\u0440\u0443\u0436\u0430\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u043d\u044f\u0435\u043c\u044b\u0435 \u0444\u0430\u0439\u043b\u044b \u0438 \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u043d\u0430\u0442\u0438\u0432\u043d\u044b\u0439 \u043a\u043e\u0434 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e \u0431\u0435\u0437 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438.\n \n\u0423\u043c\u0435\u043b\u0430\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0434\u044b\u0440 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043d\u0435\u0430\u0432\u0442\u043e\u0440\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u044b\u043c \u0444\u0430\u0439\u043b\u0430\u043c \u0438 \u043a\u0430\u0442\u0430\u043b\u043e\u0433\u0430\u043c, \u0438, \u0447\u0442\u043e \u0435\u0449\u0435 \u0445\u0443\u0436\u0435, \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 (\u0438\u043b\u0438 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u043e\u0442\u043a\u0430\u0437\u0430 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438). \n \n\u0427\u0442\u043e\u0431\u044b \u043f\u0440\u0435\u0434\u043e\u0442\u0432\u0440\u0430\u0442\u0438\u0442\u044c \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0443 \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u043d\u043e\u0433\u043e CCL \u0441 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u043c \u043a\u043e\u0434\u043e\u043c \u0432 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440, Honeywell \u0432\u043d\u0435\u0434\u0440\u0438\u043b\u0430 \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u043f\u043e\u0434\u043f\u0438\u0441\u0430\u0432 \u043a\u0430\u0436\u0434\u044b\u0439 \u0434\u0432\u043e\u0438\u0447\u043d\u044b\u0439 \u0444\u0430\u0439\u043b CCL, \u043f\u0440\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u044b\u0439 \u043f\u0435\u0440\u0435\u0434 \u0435\u0433\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c, \u043a\u0440\u0438\u043f\u0442\u043e\u0433\u0440\u0430\u0444\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u043f\u043e\u0434\u043f\u0438\u0441\u044c\u044e.\n \n\u041f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u043d\u0430\u0441\u0442\u043e\u044f\u0442\u0435\u043b\u044c\u043d\u043e \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043d\u0430\u043a\u0430\u0442\u0438\u0442\u044c \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043a\u0430\u043a \u043c\u043e\u0436\u043d\u043e \u0441\u043a\u043e\u0440\u0435\u0435, \u0447\u0442\u043e\u0431\u044b \u043f\u043e\u043b\u043d\u043e\u0441\u0442\u044c\u044e \u043d\u0438\u0432\u0435\u043b\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u044d\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u043e\u0434\u043d\u0430 \u0438\u0437 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0438\u043c\u0435\u0435\u0442 \u043e\u0446\u0435\u043d\u043a\u0443 10 \u0438\u0437 10, \u0447\u0442\u043e \u0432\u0441\u0442\u0440\u0435\u0447\u0430\u0435\u0442\u0441\u044f \u043a\u0440\u0430\u0439\u043d\u0435 \u0440\u0435\u0434\u043a\u043e \u0432 \u043f\u0440\u0430\u043a\u0442\u0438\u043a\u0435.", "creation_timestamp": "2021-10-06T13:10:00.000000Z"}, {"uuid": "a5220fd6-4828-470d-acc0-f560e87cb356", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38395", "type": "seen", "source": "https://t.me/true_secator/2185", "content": "\u0412 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440\u0430\u0445 Honeywell Experion PKS \u0438 ACE \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u044b \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u0438 \u043f\u043e \u044d\u0442\u043e\u043c\u0443 \u043f\u043e\u0432\u043e\u0434\u0443 \u043e\u0431\u0435\u0441\u043f\u043e\u043a\u043e\u0435\u043d\u0430 \u0434\u0430\u0436\u0435 CISA. \u041d\u0430\u0441\u0442\u043e\u043b\u044c\u043a\u043e, \u0447\u0442\u043e \u0432\u043e \u0432\u0442\u043e\u0440\u043d\u0438\u043a \u0430\u0433\u0435\u043d\u0442\u0441\u0442\u0432\u043e \u0434\u0430\u0436\u0435 \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u043e \u043d\u0430 \u044d\u0442\u043e\u0442 \u0441\u0447\u0435\u0442 \u043e\u0442\u0434\u0435\u043b\u044c\u043d\u044b\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u0438 \u043e\u0437\u0432\u0443\u0447\u0438\u043b\u043e \u043e\u043f\u0430\u0441\u0435\u043d\u0438\u044f.\n \n\u0418 \u043d\u0435 \u0443\u0434\u0438\u0432\u0438\u0442\u0435\u043b\u044c\u043d\u043e, \u0432\u0435\u0434\u044c Experion (PKS) - \u044d\u0442\u043e \u0440\u0430\u0441\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f (DCS), \u043f\u0440\u0435\u0434\u043d\u0430\u0437\u043d\u0430\u0447\u0435\u043d\u043d\u0430\u044f \u0434\u043b\u044f \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043a\u0440\u0443\u043f\u043d\u044b\u043c\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u043c\u0438 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0430\u043c\u0438, \u043e\u0445\u0432\u0430\u0442\u044b\u0432\u0430\u044e\u0449\u0438\u043c\u0438 \u043c\u043d\u043e\u0436\u0435\u0441\u0442\u0432\u043e \u0441\u0435\u043a\u0442\u043e\u0440\u043e\u0432, \u043e\u0442 \u043d\u0435\u0444\u0442\u0435\u0445\u0438\u043c\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u0437\u0430\u0432\u043e\u0434\u043e\u0432 \u0434\u043e \u0430\u0442\u043e\u043c\u043d\u044b\u0445 \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u0441\u0442\u0430\u043d\u0446\u0438\u0439, \u0433\u0434\u0435 \u0432\u0430\u0436\u043d\u044b \u0432\u044b\u0441\u043e\u043a\u0430\u044f \u043d\u0430\u0434\u0435\u0436\u043d\u043e\u0441\u0442\u044c \u0438 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u044c.\n \n\u041e\u0448\u0438\u0431\u043a\u0438 \u0431\u044b\u043b\u0438 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u044b \u0433\u0443\u0440\u0443 \u043f\u0440\u043e\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u043e\u0439 \u043a\u0438\u0431\u0435\u0440\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 Claroty, \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044e\u0442 \u0432\u0441\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440\u043e\u0432 Honeywell Experion Process Knowledge System C200, C200E, C300 \u0438 ACE.\n \n\u0412 \u0446\u0435\u043b\u043e\u043c, \u043a\u0430\u0440\u0442\u0438\u043d\u0430 \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0430\u044f:\n\u2043            CVE-2021-38397 (\u043e\u0446\u0435\u043d\u043a\u0430 \u043f\u043e CVSS: 10,0!!!) - \u043d\u0435\u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u043d\u0430\u044f \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0430 \u0444\u0430\u0439\u043b\u0430 \u0441 \u043e\u043f\u0430\u0441\u043d\u044b\u043c \u0442\u0438\u043f\u043e\u043c.\n\u2043            CVE-2021-38395 (\u043e\u0446\u0435\u043d\u043a\u0430 \u043f\u043e CVSS: 9,1) - \u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u0430\u044f \u043d\u0435\u0439\u0442\u0440\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u044f \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u044d\u043b\u0435\u043c\u0435\u043d\u0442\u043e\u0432 \u0432 \u0432\u044b\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0445 \u043d\u0438\u0436\u0435\u0441\u0442\u043e\u044f\u0449\u0438\u043c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u043e\u043c.\n\u2043            CVE-2021-38399 (\u043e\u0446\u0435\u043d\u043a\u0430 \u043f\u043e CVSS: 7,5) - \u043e\u0442\u043d\u043e\u0441\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0439 \u043e\u0431\u0445\u043e\u0434 \u043f\u0443\u0442\u0438.\n \n\u041f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u0441\u0432\u044f\u0437\u0430\u043d\u044b \u0441 \u043f\u0440\u043e\u0446\u0435\u0434\u0443\u0440\u043e\u0439 \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0438 \u043a\u043e\u0434\u0430, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u0430 \u0434\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u043b\u043e\u0433\u0438\u043a\u0438, \u0440\u0430\u0431\u043e\u0442\u0430\u044e\u0449\u0435\u0439 \u0432 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440\u0435, \u0447\u0442\u043e \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0438\u043c\u0438\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u043f\u0440\u043e\u0446\u0435\u0441\u0441 \u0438 \u0437\u0430\u0433\u0440\u0443\u0436\u0430\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u0434\u0432\u043e\u0438\u0447\u043d\u044b\u0435 \u0444\u0430\u0439\u043b\u044b CLL.\n \n\u0421\u043e\u0433\u043b\u0430\u0441\u043d\u043e \u0435\u0449\u0435 \u0444\u0435\u0432\u0440\u0430\u043b\u044c\u0441\u043a\u043e\u043c\u0443 \u043e\u0442\u0447\u0435\u0442\u0443 Honeywell, \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0430 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u043e\u0432 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f (CCL) \u043c\u043e\u0433\u043b\u0430 \u0438\u0437\u043c\u0435\u043d\u044f\u0442\u044c\u0441\u044f \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u043e\u043c \u0438 \u0437\u0430\u0433\u0440\u0443\u0436\u0430\u0442\u044c\u0441\u044f \u0432 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440. \u0412 \u0442\u0430\u043a\u043e\u043c \u0441\u043b\u0443\u0447\u0430\u0435 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u043e \u0437\u0430\u0433\u0440\u0443\u0436\u0430\u0435\u0442 \u0438\u0441\u043f\u043e\u043b\u043d\u044f\u0435\u043c\u044b\u0435 \u0444\u0430\u0439\u043b\u044b \u0431\u0435\u0437 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0438\u043b\u0438 \u0434\u0435\u0437\u0438\u043d\u0444\u0435\u043a\u0446\u0438\u0438, \u0434\u0430\u0432\u0430\u044f \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u0437\u0430\u0433\u0440\u0443\u0436\u0430\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u043d\u044f\u0435\u043c\u044b\u0435 \u0444\u0430\u0439\u043b\u044b \u0438 \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u043d\u0430\u0442\u0438\u0432\u043d\u044b\u0439 \u043a\u043e\u0434 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e \u0431\u0435\u0437 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438.\n \n\u0423\u043c\u0435\u043b\u0430\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0434\u044b\u0440 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043d\u0435\u0430\u0432\u0442\u043e\u0440\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u044b\u043c \u0444\u0430\u0439\u043b\u0430\u043c \u0438 \u043a\u0430\u0442\u0430\u043b\u043e\u0433\u0430\u043c, \u0438, \u0447\u0442\u043e \u0435\u0449\u0435 \u0445\u0443\u0436\u0435, \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 (\u0438\u043b\u0438 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u043e\u0442\u043a\u0430\u0437\u0430 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438). \n \n\u0427\u0442\u043e\u0431\u044b \u043f\u0440\u0435\u0434\u043e\u0442\u0432\u0440\u0430\u0442\u0438\u0442\u044c \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0443 \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u043d\u043e\u0433\u043e CCL \u0441 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u043c \u043a\u043e\u0434\u043e\u043c \u0432 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440, Honeywell \u0432\u043d\u0435\u0434\u0440\u0438\u043b\u0430 \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u043f\u043e\u0434\u043f\u0438\u0441\u0430\u0432 \u043a\u0430\u0436\u0434\u044b\u0439 \u0434\u0432\u043e\u0438\u0447\u043d\u044b\u0439 \u0444\u0430\u0439\u043b CCL, \u043f\u0440\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u044b\u0439 \u043f\u0435\u0440\u0435\u0434 \u0435\u0433\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c, \u043a\u0440\u0438\u043f\u0442\u043e\u0433\u0440\u0430\u0444\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u043f\u043e\u0434\u043f\u0438\u0441\u044c\u044e.\n \n\u041f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u043d\u0430\u0441\u0442\u043e\u044f\u0442\u0435\u043b\u044c\u043d\u043e \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043d\u0430\u043a\u0430\u0442\u0438\u0442\u044c \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043a\u0430\u043a \u043c\u043e\u0436\u043d\u043e \u0441\u043a\u043e\u0440\u0435\u0435, \u0447\u0442\u043e\u0431\u044b \u043f\u043e\u043b\u043d\u043e\u0441\u0442\u044c\u044e \u043d\u0438\u0432\u0435\u043b\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u044d\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u043e\u0434\u043d\u0430 \u0438\u0437 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0438\u043c\u0435\u0435\u0442 \u043e\u0446\u0435\u043d\u043a\u0443 10 \u0438\u0437 10, \u0447\u0442\u043e \u0432\u0441\u0442\u0440\u0435\u0447\u0430\u0435\u0442\u0441\u044f \u043a\u0440\u0430\u0439\u043d\u0435 \u0440\u0435\u0434\u043a\u043e \u0432 \u043f\u0440\u0430\u043a\u0442\u0438\u043a\u0435.", "creation_timestamp": "2021-10-06T13:10:00.000000Z"}, {"uuid": "bdecd840-e531-427a-8ece-a2172c29a792", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38399", "type": "seen", "source": "https://t.me/cibsecurity/52190", "content": "\u203c CVE-2021-38399 \u203c\n\nHoneywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to relative path traversal, which may allow an attacker access to unauthorized files and directories.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-28T07:28:57.000000Z"}, {"uuid": "d061f206-8a27-419b-9009-0bfd89519958", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38395", "type": "seen", "source": "https://t.me/cibsecurity/52189", "content": "\u203c CVE-2021-38395 \u203c\n\nHoneywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to improper neutralization of special elements in output, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-28T07:28:56.000000Z"}, {"uuid": "28f456a7-833a-49eb-ba5f-b1cd0c316529", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38394", "type": "seen", "source": "https://t.me/cibsecurity/29927", "content": "\u203c CVE-2021-38394 \u203c\n\nAn attacker with physical access to the device can extract the binary that checks for the hardware key and reverse engineer it, which could be used to create a physical duplicate of a valid hardware key. The hardware key allows access to special settings when inserted.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-04T22:25:10.000000Z"}, {"uuid": "d81e4229-18c6-4e46-aceb-56b24cf7bd8b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3839", "type": "seen", "source": "https://t.me/cibsecurity/48593", "content": "\u203c CVE-2021-3839 \u203c\n\nA flaw was found in the vhost library in DPDK. Function vhost_user_set_inflight_fd() does not validate `msg-&gt;payload.inflight.num_queues`, possibly causing out-of-bounds memory read/write. Any software using DPDK vhost library may crash as a result of this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-23T20:21:41.000000Z"}, {"uuid": "fe888cd6-37ed-4e6a-a8e0-1e9a42e29066", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38396", "type": "seen", "source": "https://t.me/cibsecurity/29920", "content": "\u203c CVE-2021-38396 \u203c\n\nThe programmer installation utility does not perform a cryptographic authenticity or integrity checks of the software on the flash drive. An attacker could leverage this weakness to install unauthorized software using a specially crafted USB.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-04T22:24:48.000000Z"}, {"uuid": "5cfc2646-a8bd-416b-8694-6c050de8c26f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38398", "type": "seen", "source": "https://t.me/cibsecurity/29929", "content": "\u203c CVE-2021-38398 \u203c\n\nThe affected device uses off-the-shelf software components that contain unpatched vulnerabilities. A malicious attacker with physical access to the affected device could exploit these vulnerabilities.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-04T22:25:15.000000Z"}, {"uuid": "867ac602-8fbf-4bcc-8882-4611b8eeece3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38392", "type": "seen", "source": "https://t.me/cibsecurity/29913", "content": "\u203c CVE-2021-38392 \u203c\n\nA skilled attacker with physical access to the affected device can gain access to the hard disk drive of the device to change the telemetry region and could use this setting to interrogate or program an implantable device in any region in the world.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-04T22:24:28.000000Z"}, {"uuid": "c76b6438-bd6c-4bda-a22b-043a3ea0d100", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38393", "type": "seen", "source": "https://t.me/cibsecurity/28022", "content": "\u203c CVE-2021-38393 \u203c\n\nA Blind SQL injection vulnerability exists in the /DataHandler/HandlerAlarmGroup.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter agid before using it as part of an SQL query. A remote, unauthenticated attacker can exploit this issue to execute arbitrary code in the context of NT SERVICE\\MSSQLSERVER.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-30T22:32:34.000000Z"}, {"uuid": "bc99ffab-b07d-4b57-a983-7abfc804ce18", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38399", "type": "seen", "source": "https://t.me/thehackernews/1565", "content": "Multiple critical vulnerabilities have been discovered in Honeywell Experion PKS and ACE Controllers that could be exploited for RCE and DoS attacks on critical processes.\n\nhttps://thehackernews.com/2021/10/multiple-critical-flaws-discovered-in.html\n\nCVE-2021-38397 (CVSS 10)\nTypeCVE-2021-38395 (CVSS 9.1)\nCVE-2021-38399 (CVSS 7.5)", "creation_timestamp": "2021-10-06T09:39:48.000000Z"}, {"uuid": "4e481867-35cf-4676-b10b-38bc1480f222", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38395", "type": "seen", "source": "https://t.me/thehackernews/1565", "content": "Multiple critical vulnerabilities have been discovered in Honeywell Experion PKS and ACE Controllers that could be exploited for RCE and DoS attacks on critical processes.\n\nhttps://thehackernews.com/2021/10/multiple-critical-flaws-discovered-in.html\n\nCVE-2021-38397 (CVSS 10)\nTypeCVE-2021-38395 (CVSS 9.1)\nCVE-2021-38399 (CVSS 7.5)", "creation_timestamp": "2021-10-06T09:39:48.000000Z"}, {"uuid": "ad8b7313-5f1e-45bd-a1c0-6f3af89e1b2e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38397", "type": "seen", "source": "https://t.me/thehackernews/1565", "content": "Multiple critical vulnerabilities have been discovered in Honeywell Experion PKS and ACE Controllers that could be exploited for RCE and DoS attacks on critical processes.\n\nhttps://thehackernews.com/2021/10/multiple-critical-flaws-discovered-in.html\n\nCVE-2021-38397 (CVSS 10)\nTypeCVE-2021-38395 (CVSS 9.1)\nCVE-2021-38399 (CVSS 7.5)", "creation_timestamp": "2021-10-06T09:39:48.000000Z"}]}