Digital Vaccine #9463

    • Updated: 7 Oct 2020
    • Product/Version: TippingPoint Digital Vaccine
    • Platform:
Summary
Digital Vaccine #9463      October 6, 2020
Details
Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs.

New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com.

SMS customers can update the Digital Vaccine through the SMS client. From the top-line menu, you can open the "File > Download Digital Vaccine from TMC" menu item to detect and load the latest update.
 
System Requirements
The 3.2.0 DV will run on IPS devices with TOS v3.2.0 and above, all NGFW and all TPS systems. The 4.0.0 DV will only run on the Virtual Threat Protection System (vTPS) appliance. Please note that vTPS does not currently support pre-disclosed ZDI filters.
 
The Digital Vaccine can be manually downloaded from the following URLs:
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_9463.pkg
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_9463.pkg

Update Details

Table of Contents
--------------------------

Filters
 New Filters - 22
 Modified Filters (logic changes) - 19
 Modified Filters (metadata changes only) - 6
 Removed Filters - 0

Filters
----------------
 New Filters:
    38208: HTTP: Nagios XI users.php do_update_user Cross-Site Scripting Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a stored cross-site scripting vulnerability in Nagios XI.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: October 06, 2020

    38210: ZDI-CAN-11851: Zero Day Initiative Vulnerability (Multiple NETGEAR Routers)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Multiple NETGEAR Routers.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: October 06, 2020

    38211: ZDI-CAN-11881: Zero Day Initiative Vulnerability (Siemens JT2Go)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Siemens JT2Go.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: October 06, 2020

    38212: ZDI-CAN-11885: Zero Day Initiative Vulnerability (Siemens JT2Go)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Siemens JT2Go.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: October 06, 2020

    38213: ZDI-CAN-11891: Zero Day Initiative Vulnerability (Siemens JT2Go)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Siemens JT2Go.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: October 06, 2020

    38214: ZDI-CAN-11892: Zero Day Initiative Vulnerability (Siemens JT2Go)
      - IPS Version: 3.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Siemens JT2Go.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: October 06, 2020

    38215: ZDI-CAN-11906: Zero Day Initiative Vulnerability (Microsoft Chakra)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Microsoft Chakra.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: October 06, 2020

    38216: ZDI-CAN-11910: Zero Day Initiative Vulnerability (Siemens JT2Go)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Siemens JT2Go.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: October 06, 2020

    38217: ZDI-CAN-11911: Zero Day Initiative Vulnerability (Siemens JT2Go)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Siemens JT2Go.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: October 06, 2020

    38218: ZDI-CAN-11912: Zero Day Initiative Vulnerability (Siemens JT2Go)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Siemens JT2Go.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: October 06, 2020

    38219: ZDI-CAN-11914: Zero Day Initiative Vulnerability (Siemens JT2Go)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Siemens JT2Go.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: October 06, 2020

    38220: ZDI-CAN-11915: Zero Day Initiative Vulnerability (Siemens JT2Go)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Siemens JT2Go.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: October 06, 2020

    38221: ZDI-CAN-11927: Zero Day Initiative Vulnerability (Siemens JT2Go)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Siemens JT2Go.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: October 06, 2020

    38222: HTTP: Nmap Scripting Engine adobe-coldfusion-apsa1301 Detection (ATT&CK T1018,T1210,T1190,T1046)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Moderate
      - Description: This filter detects an adobe-coldfusion-apsa1301 vulnerability scan by the Nmap Scripting Engine.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Reconnaissance / Suspicious Access - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: October 06, 2020

    38223: HTTP: Nmap Scripting Engine http-apache-server-status Detection (ATT&CK T1518,T1018,T1046)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Moderate
      - Description: This filter detects an http-apache-server-status scan by the Nmap Scripting Engine. In some installations of Apache, this script parses useful information such as system uptime, Apache version, and recent HTTP requests.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Reconnaissance / Suspicious Access - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: October 06, 2020

    38224: HTTP: Nmap Scripting Engine http-aspnet-debug Detection (ATT&CK T1518,T1018,T1046)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Moderate
      - Description: This filter detects an http-aspnet-debug request by the Nmap Scripting Engine. The HTTP DEBUG command is used for debugging applications in ASP.NET.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Reconnaissance / Suspicious Access - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: October 06, 2020

    38225: HTTP: Nmap Scripting Engine http-avaya-ipoffice-users Detection (ATT&CK T1018,T1033,T1046)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Moderate
      - Description: This filter detects an http-avaya-ipoffice-users request by the Nmap Scripting Engine. Avaya IP Office systems allow unauthenticated access to specific endpoints. An attacker could leverage this to disclose sensitive user information.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Forbidden Application Access or Service Request
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: October 06, 2020

    38226: HTTP: Nmap Scripting Engine http-axis2-dir-traversal Detection (ATT&CK T1046,T1018,T1007)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Moderate
      - Description: This filter detects an http-axis2-dir-traversal enumeration attempt by the Nmap Scripting Engine. Specific installations of Apache Axis2 are vulnerable to a directory traversal vulnerability. To exploit this vulnerability, an adversary must first locate a valid service, often through the Apache Axis2 configuration file.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Forbidden Application Access or Service Request
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: October 06, 2020

    38227: HTTP: Nmap Scripting Engine http-backup-finder Detection (ATT&CK T1046)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Moderate
      - Description: This filter detects an http-backup-finder enumeration attempt by the Nmap Scripting Engine.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Forbidden Application Access or Service Request
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: October 06, 2020

    38231: HTTP: MobileIron Core & Connector Command Injection Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a command injection vulnerability in MobileIron Core & Connector.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-15505
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: UNIX/Linux Server Application or Service
      - Release Date: October 06, 2020

    38237: HTTP: Suspicious SQL ELT Usage
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Moderate
      - Description: This filter detects the usage of the ELT method with some suspicious elements in a SQL command via HTTP.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: October 06, 2020

    38242: HTTP: Sophos XG Firewall SQL Injection Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a SQL injection vulnerability in Sophos XG Firewall, in the user and admin web interfaces, and in the email quarantine release feature.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-12271, CVE-2020-15504
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: UNIX/Linux Server Application or Service
      - Release Date: October 06, 2020

  Modified Filters (logic changes):
    * = Enabled in Default deployments

    * 30341: HTTP: Microsoft Windows LNK Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Release Date: February 13, 2018
      - Last Modified Date: October 06, 2020

    37232: HTTP: Delta Industrial Automation DOPSoft DPA File Parsing Out-Of-Bounds Read (ZDI-20-799)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37232: ZDI-CAN-10471: Zero Day Initiative Vulnerability (Delta Industrial Automation DOPSoft)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: March 03, 2020
      - Last Modified Date: October 06, 2020

    37233: HTTP: Delta Industrial Automation DOPSoft File Parsing Out-Of-Bounds Read Vulnerability (ZDI-20-796)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37233: ZDI-CAN-10472: Zero Day Initiative Vulnerability (Delta Industrial Automation DOPSoft)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: March 03, 2020
      - Last Modified Date: October 06, 2020

    37239: HTTP: Delta Industrial Automation DOPSoft DPA File Parsing Out-Of-Bounds Read (ZDI-20-795)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37239: ZDI-CAN-10480: Zero Day Initiative Vulnerability (Delta Industrial Automation DOPSoft)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: March 03, 2020
      - Last Modified Date: October 06, 2020

    37240: HTTP: Delta Industrial Automation DOPSoft File Parsing Out-Of-Bounds Read Vulnerability (ZDI-20-794)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37240: ZDI-CAN-10481: Zero Day Initiative Vulnerability (Delta Industrial Automation DOPSoft)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: March 03, 2020
      - Last Modified Date: October 06, 2020

    37241: HTTP: Delta Industrial Automation DOPSoft File Parsing Out-Of-Bounds Read Vulnerability (ZDI-20-793)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37241: ZDI-CAN-10483: Zero Day Initiative Vulnerability (Delta Industrial Automation DOPSoft)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: March 03, 2020
      - Last Modified Date: October 06, 2020

    37248: HTTP: Delta Industrial Automation CNCSoft ScreenEditor DPB Out-Of-Bounds Read (ZDI-20-310)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37248: ZDI-CAN-10420: Zero Day Initiative Vulnerability (Delta Industrial Automation CNCSoft)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: March 03, 2020
      - Last Modified Date: October 06, 2020

    37252: HTTP: Delta Industrial Automation CNCSoft ScreenEditor DPB Buffer Overflow Vulnerability(ZDI-20-309)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37252: ZDI-CAN-10413: Zero Day Initiative Vulnerability (Delta Industrial Automation CNCSoft)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: March 03, 2020
      - Last Modified Date: October 06, 2020

    37257: HTTP: Trend Micro InterScan Web Security VA Directory Traversal Vulnerability (ZDI-20-678)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37257: ZDI-CAN-10329: Zero Day Initiative Vulnerability (Trend Micro InterScan Web Security)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: March 03, 2020
      - Last Modified Date: October 06, 2020

    37258: HTTP: Advantech WebAccess/HMI Designer PM3 File Parsing Buffer Overflow Vulnerability (ZDI-20-951)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37258: ZDI-CAN-10188: Zero Day Initiative Vulnerability (Advantech WebAccess/HMI Designer)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: March 03, 2020
      - Last Modified Date: October 06, 2020

    37259: HTTP: Advantech WebAccess/HMI Designer PM3 File Parsing Double Free Vulnerability (ZDI-20-952)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37259: ZDI-CAN-10187: Zero Day Initiative Vulnerability (Advantech WebAccess/HMI Designer)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: March 03, 2020
      - Last Modified Date: October 06, 2020

    37285: HTTP: Advantech WebAccess/HMI Designer PM3 File Parsing Buffer Overflow Vulnerability (ZDI-20-950)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37285: ZDI-CAN-10121: Zero Day Initiative Vulnerability (Advantech WebAccess/HMI Designer)".
      - Severity changed from "High" to "Critical".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: March 10, 2020
      - Last Modified Date: October 06, 2020

    37330: HTTP: Advantech WebAccess/HMI Designer PM3 File Parsing Type Confusion Vulnerability (ZDI-20-954)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37330: ZDI-CAN-10139: Zero Day Initiative Vulnerability (Advantech WebAccess/HMI Designer)".
      - Category changed from "Vulnerabilities" to "Exploits".
      - Severity changed from "High" to "Critical".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: March 17, 2020
      - Last Modified Date: October 06, 2020

    37380: HTTP: Delta Industrial Automation DOPSoft DPA Out-Of-Bounds Read Vulnerability (ZDI-20-791)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37380: ZDI-CAN-10508: Zero Day Initiative Vulnerability (Delta Industrial Automation DOPSoft)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: March 24, 2020
      - Last Modified Date: October 06, 2020

    37474: HTTP: WECON LeviStudioU XYSet WordAddr Buffer Overflow Vulnerability (ZDI-20-1059-63)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37474: ZDI-CAN-10533-37: Zero Day Initiative Vulnerability (WECON LeviStudioU)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: April 07, 2020
      - Last Modified Date: October 06, 2020

    37659: HTTP: Delta Industrial Automation CNCSoft ScreenEditor DPB File Parsing Buffer Overflow (ZDI-20-943)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37659: ZDI-CAN-10881: Zero Day Initiative Vulnerability (Delta Industrial Automation CNCSoft ScreenEditor)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: April 28, 2020
      - Last Modified Date: October 06, 2020

    37664: HTTP: Microsoft Windows hevcdecoder_store HEIC File Parsing Out-Of-Bounds Write (ZDI-20-820)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37664: ZDI-CAN-10896: Zero Day Initiative Vulnerability (Microsoft Windows)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: April 28, 2020
      - Last Modified Date: October 06, 2020

    37666: HTTP: Microsoft Windows hevcdecoder_store MKV File Parsing Use-After-Free Vulnerability (ZDI-20-815)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37666: ZDI-CAN-10936: Zero Day Initiative Vulnerability (Microsoft Windows)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: April 28, 2020
      - Last Modified Date: October 06, 2020

    37667: HTTP: Microsoft Windows hevcdecoder_store MKV File Parsing Out-Of-Bounds Write (ZDI-20-1081)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37667: ZDI-CAN-10962: Zero Day Initiative Vulnerability (Microsoft Windows)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: April 28, 2020
      - Last Modified Date: October 06, 2020

  Modified Filters (metadata changes only):
    * = Enabled in Default deployments

    13855: TCP: XML External Entity (XXE) Usage
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Vulnerability references updated.
      - Release Date: April 28, 2014
      - Last Modified Date: October 06, 2020

    19715: TCP: Java Management Extensions (JMX) JRMI Usage (ZDI-15-455,ZDI-20-1216)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "19715: TCP: Java Management Extensions (JMX) JRMI Usage (ZDI-15-455)".
      - Description updated.
      - Vulnerability references updated.
      - Release Date: April 21, 2015
      - Last Modified Date: October 06, 2020

    36086: HTTP: AWStats Totals multisort Code Injection Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Miscellaneous modification.
      - Release Date: September 03, 2019
      - Last Modified Date: October 06, 2020

    37332: HTTP: Delta Industrial Automation DPB File Parsing GifName Buffer Overflow Vulnerability(ZDI-20-308)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Vulnerability references updated.
      - Release Date: March 17, 2020
      - Last Modified Date: October 06, 2020

    37581: ZDI-CAN-10611: Zero Day Initiative Vulnerability (Fuji Electric Tellus Lite V-Simulator 6)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Miscellaneous modification.
      - Release Date: April 14, 2020
      - Last Modified Date: October 06, 2020

    37585: ZDI-CAN-10675: Zero Day Initiative Vulnerability (Fuji Electric Tellus Lite V-Simulator 6)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Miscellaneous modification.
      - Release Date: April 14, 2020
      - Last Modified Date: October 06, 2020

  Removed Filters: None
  
Category: Configure; Troubleshoot; Deploy
Solution Id: TP000276650