Summary
Digital Vaccine #9463 October 6, 2020
Details
| Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs. New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com. SMS customers can update the Digital Vaccine through the SMS client. From the top-line menu, you can open the "File > Download Digital Vaccine from TMC" menu item to detect and load the latest update. |
| System Requirements |
| The 3.2.0 DV will run on IPS devices with TOS v3.2.0 and above, all NGFW and all TPS systems. The 4.0.0 DV will only run on the Virtual Threat Protection System (vTPS) appliance. Please note that vTPS does not currently support pre-disclosed ZDI filters. |
| The Digital Vaccine can be manually downloaded from the following URLs: https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_9463.pkg https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_9463.pkg |
Update Details
Table of Contents
--------------------------
Filters
New Filters - 22
Modified Filters (logic changes) - 19
Modified Filters (metadata changes only) - 6
Removed Filters - 0
Filters
----------------
New Filters:
38208: HTTP: Nagios XI users.php do_update_user Cross-Site Scripting Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a stored cross-site scripting vulnerability in Nagios XI.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: October 06, 2020
38210: ZDI-CAN-11851: Zero Day Initiative Vulnerability (Multiple NETGEAR Routers)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter protects against the exploitation of a zero-day vulnerability affecting Multiple NETGEAR Routers.
- Deployments:
- Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: October 06, 2020
38211: ZDI-CAN-11881: Zero Day Initiative Vulnerability (Siemens JT2Go)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter protects against the exploitation of a zero-day vulnerability affecting Siemens JT2Go.
- Deployments:
- Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: October 06, 2020
38212: ZDI-CAN-11885: Zero Day Initiative Vulnerability (Siemens JT2Go)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter protects against the exploitation of a zero-day vulnerability affecting Siemens JT2Go.
- Deployments:
- Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: October 06, 2020
38213: ZDI-CAN-11891: Zero Day Initiative Vulnerability (Siemens JT2Go)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter protects against the exploitation of a zero-day vulnerability affecting Siemens JT2Go.
- Deployments:
- Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: October 06, 2020
38214: ZDI-CAN-11892: Zero Day Initiative Vulnerability (Siemens JT2Go)
- IPS Version: 3.0.0 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter protects against the exploitation of a zero-day vulnerability affecting Siemens JT2Go.
- Deployments:
- Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: October 06, 2020
38215: ZDI-CAN-11906: Zero Day Initiative Vulnerability (Microsoft Chakra)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter protects against the exploitation of a zero-day vulnerability affecting Microsoft Chakra.
- Deployments:
- Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: October 06, 2020
38216: ZDI-CAN-11910: Zero Day Initiative Vulnerability (Siemens JT2Go)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter protects against the exploitation of a zero-day vulnerability affecting Siemens JT2Go.
- Deployments:
- Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: October 06, 2020
38217: ZDI-CAN-11911: Zero Day Initiative Vulnerability (Siemens JT2Go)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter protects against the exploitation of a zero-day vulnerability affecting Siemens JT2Go.
- Deployments:
- Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: October 06, 2020
38218: ZDI-CAN-11912: Zero Day Initiative Vulnerability (Siemens JT2Go)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter protects against the exploitation of a zero-day vulnerability affecting Siemens JT2Go.
- Deployments:
- Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: October 06, 2020
38219: ZDI-CAN-11914: Zero Day Initiative Vulnerability (Siemens JT2Go)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter protects against the exploitation of a zero-day vulnerability affecting Siemens JT2Go.
- Deployments:
- Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: October 06, 2020
38220: ZDI-CAN-11915: Zero Day Initiative Vulnerability (Siemens JT2Go)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter protects against the exploitation of a zero-day vulnerability affecting Siemens JT2Go.
- Deployments:
- Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: October 06, 2020
38221: ZDI-CAN-11927: Zero Day Initiative Vulnerability (Siemens JT2Go)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter protects against the exploitation of a zero-day vulnerability affecting Siemens JT2Go.
- Deployments:
- Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: October 06, 2020
38222: HTTP: Nmap Scripting Engine adobe-coldfusion-apsa1301 Detection (ATT&CK T1018,T1210,T1190,T1046)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Security Policy
- Severity: Moderate
- Description: This filter detects an adobe-coldfusion-apsa1301 vulnerability scan by the Nmap Scripting Engine.
- Deployment: Not enabled by default in any deployment.
- Classification: Reconnaissance / Suspicious Access - Other
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: October 06, 2020
38223: HTTP: Nmap Scripting Engine http-apache-server-status Detection (ATT&CK T1518,T1018,T1046)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Security Policy
- Severity: Moderate
- Description: This filter detects an http-apache-server-status scan by the Nmap Scripting Engine. In some installations of Apache, this script parses useful information such as system uptime, Apache version, and recent HTTP requests.
- Deployment: Not enabled by default in any deployment.
- Classification: Reconnaissance / Suspicious Access - Other
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: October 06, 2020
38224: HTTP: Nmap Scripting Engine http-aspnet-debug Detection (ATT&CK T1518,T1018,T1046)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Security Policy
- Severity: Moderate
- Description: This filter detects an http-aspnet-debug request by the Nmap Scripting Engine. The HTTP DEBUG command is used for debugging applications in ASP.NET.
- Deployment: Not enabled by default in any deployment.
- Classification: Reconnaissance / Suspicious Access - Other
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: October 06, 2020
38225: HTTP: Nmap Scripting Engine http-avaya-ipoffice-users Detection (ATT&CK T1018,T1033,T1046)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Security Policy
- Severity: Moderate
- Description: This filter detects an http-avaya-ipoffice-users request by the Nmap Scripting Engine. Avaya IP Office systems allow unauthenticated access to specific endpoints. An attacker could leverage this to disclose sensitive user information.
- Deployment: Not enabled by default in any deployment.
- Classification: Security Policy - Forbidden Application Access or Service Request
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: October 06, 2020
38226: HTTP: Nmap Scripting Engine http-axis2-dir-traversal Detection (ATT&CK T1046,T1018,T1007)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Security Policy
- Severity: Moderate
- Description: This filter detects an http-axis2-dir-traversal enumeration attempt by the Nmap Scripting Engine. Specific installations of Apache Axis2 are vulnerable to a directory traversal vulnerability. To exploit this vulnerability, an adversary must first locate a valid service, often through the Apache Axis2 configuration file.
- Deployment: Not enabled by default in any deployment.
- Classification: Security Policy - Forbidden Application Access or Service Request
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: October 06, 2020
38227: HTTP: Nmap Scripting Engine http-backup-finder Detection (ATT&CK T1046)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Security Policy
- Severity: Moderate
- Description: This filter detects an http-backup-finder enumeration attempt by the Nmap Scripting Engine.
- Deployment: Not enabled by default in any deployment.
- Classification: Security Policy - Forbidden Application Access or Service Request
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: October 06, 2020
38231: HTTP: MobileIron Core & Connector Command Injection Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a command injection vulnerability in MobileIron Core & Connector.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2020-15505
- Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
- Protocol: HTTP
- Platform: UNIX/Linux Server Application or Service
- Release Date: October 06, 2020
38237: HTTP: Suspicious SQL ELT Usage
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Security Policy
- Severity: Moderate
- Description: This filter detects the usage of the ELT method with some suspicious elements in a SQL command via HTTP.
- Deployment: Not enabled by default in any deployment.
- Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: October 06, 2020
38242: HTTP: Sophos XG Firewall SQL Injection Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a SQL injection vulnerability in Sophos XG Firewall, in the user and admin web interfaces, and in the email quarantine release feature.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2020-12271, CVE-2020-15504
- Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
- Protocol: HTTP
- Platform: UNIX/Linux Server Application or Service
- Release Date: October 06, 2020
Modified Filters (logic changes):
* = Enabled in Default deployments
* 30341: HTTP: Microsoft Windows LNK Memory Corruption Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
- Release Date: February 13, 2018
- Last Modified Date: October 06, 2020
37232: HTTP: Delta Industrial Automation DOPSoft DPA File Parsing Out-Of-Bounds Read (ZDI-20-799)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "37232: ZDI-CAN-10471: Zero Day Initiative Vulnerability (Delta Industrial Automation DOPSoft)".
- Severity changed from "Critical" to "High".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: March 03, 2020
- Last Modified Date: October 06, 2020
37233: HTTP: Delta Industrial Automation DOPSoft File Parsing Out-Of-Bounds Read Vulnerability (ZDI-20-796)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "37233: ZDI-CAN-10472: Zero Day Initiative Vulnerability (Delta Industrial Automation DOPSoft)".
- Severity changed from "Critical" to "High".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: March 03, 2020
- Last Modified Date: October 06, 2020
37239: HTTP: Delta Industrial Automation DOPSoft DPA File Parsing Out-Of-Bounds Read (ZDI-20-795)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "37239: ZDI-CAN-10480: Zero Day Initiative Vulnerability (Delta Industrial Automation DOPSoft)".
- Severity changed from "Critical" to "High".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: March 03, 2020
- Last Modified Date: October 06, 2020
37240: HTTP: Delta Industrial Automation DOPSoft File Parsing Out-Of-Bounds Read Vulnerability (ZDI-20-794)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "37240: ZDI-CAN-10481: Zero Day Initiative Vulnerability (Delta Industrial Automation DOPSoft)".
- Severity changed from "Critical" to "High".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: March 03, 2020
- Last Modified Date: October 06, 2020
37241: HTTP: Delta Industrial Automation DOPSoft File Parsing Out-Of-Bounds Read Vulnerability (ZDI-20-793)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "37241: ZDI-CAN-10483: Zero Day Initiative Vulnerability (Delta Industrial Automation DOPSoft)".
- Severity changed from "Critical" to "High".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: March 03, 2020
- Last Modified Date: October 06, 2020
37248: HTTP: Delta Industrial Automation CNCSoft ScreenEditor DPB Out-Of-Bounds Read (ZDI-20-310)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "37248: ZDI-CAN-10420: Zero Day Initiative Vulnerability (Delta Industrial Automation CNCSoft)".
- Severity changed from "Critical" to "High".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: March 03, 2020
- Last Modified Date: October 06, 2020
37252: HTTP: Delta Industrial Automation CNCSoft ScreenEditor DPB Buffer Overflow Vulnerability(ZDI-20-309)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "37252: ZDI-CAN-10413: Zero Day Initiative Vulnerability (Delta Industrial Automation CNCSoft)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: March 03, 2020
- Last Modified Date: October 06, 2020
37257: HTTP: Trend Micro InterScan Web Security VA Directory Traversal Vulnerability (ZDI-20-678)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "37257: ZDI-CAN-10329: Zero Day Initiative Vulnerability (Trend Micro InterScan Web Security)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: March 03, 2020
- Last Modified Date: October 06, 2020
37258: HTTP: Advantech WebAccess/HMI Designer PM3 File Parsing Buffer Overflow Vulnerability (ZDI-20-951)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "37258: ZDI-CAN-10188: Zero Day Initiative Vulnerability (Advantech WebAccess/HMI Designer)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: March 03, 2020
- Last Modified Date: October 06, 2020
37259: HTTP: Advantech WebAccess/HMI Designer PM3 File Parsing Double Free Vulnerability (ZDI-20-952)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "37259: ZDI-CAN-10187: Zero Day Initiative Vulnerability (Advantech WebAccess/HMI Designer)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: March 03, 2020
- Last Modified Date: October 06, 2020
37285: HTTP: Advantech WebAccess/HMI Designer PM3 File Parsing Buffer Overflow Vulnerability (ZDI-20-950)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "37285: ZDI-CAN-10121: Zero Day Initiative Vulnerability (Advantech WebAccess/HMI Designer)".
- Severity changed from "High" to "Critical".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: March 10, 2020
- Last Modified Date: October 06, 2020
37330: HTTP: Advantech WebAccess/HMI Designer PM3 File Parsing Type Confusion Vulnerability (ZDI-20-954)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "37330: ZDI-CAN-10139: Zero Day Initiative Vulnerability (Advantech WebAccess/HMI Designer)".
- Category changed from "Vulnerabilities" to "Exploits".
- Severity changed from "High" to "Critical".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: March 17, 2020
- Last Modified Date: October 06, 2020
37380: HTTP: Delta Industrial Automation DOPSoft DPA Out-Of-Bounds Read Vulnerability (ZDI-20-791)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "37380: ZDI-CAN-10508: Zero Day Initiative Vulnerability (Delta Industrial Automation DOPSoft)".
- Severity changed from "Critical" to "High".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: March 24, 2020
- Last Modified Date: October 06, 2020
37474: HTTP: WECON LeviStudioU XYSet WordAddr Buffer Overflow Vulnerability (ZDI-20-1059-63)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "37474: ZDI-CAN-10533-37: Zero Day Initiative Vulnerability (WECON LeviStudioU)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: April 07, 2020
- Last Modified Date: October 06, 2020
37659: HTTP: Delta Industrial Automation CNCSoft ScreenEditor DPB File Parsing Buffer Overflow (ZDI-20-943)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "37659: ZDI-CAN-10881: Zero Day Initiative Vulnerability (Delta Industrial Automation CNCSoft ScreenEditor)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: April 28, 2020
- Last Modified Date: October 06, 2020
37664: HTTP: Microsoft Windows hevcdecoder_store HEIC File Parsing Out-Of-Bounds Write (ZDI-20-820)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "37664: ZDI-CAN-10896: Zero Day Initiative Vulnerability (Microsoft Windows)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: April 28, 2020
- Last Modified Date: October 06, 2020
37666: HTTP: Microsoft Windows hevcdecoder_store MKV File Parsing Use-After-Free Vulnerability (ZDI-20-815)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "37666: ZDI-CAN-10936: Zero Day Initiative Vulnerability (Microsoft Windows)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: April 28, 2020
- Last Modified Date: October 06, 2020
37667: HTTP: Microsoft Windows hevcdecoder_store MKV File Parsing Out-Of-Bounds Write (ZDI-20-1081)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "37667: ZDI-CAN-10962: Zero Day Initiative Vulnerability (Microsoft Windows)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: April 28, 2020
- Last Modified Date: October 06, 2020
Modified Filters (metadata changes only):
* = Enabled in Default deployments
13855: TCP: XML External Entity (XXE) Usage
- IPS Version: 1.0.0 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Vulnerability references updated.
- Release Date: April 28, 2014
- Last Modified Date: October 06, 2020
19715: TCP: Java Management Extensions (JMX) JRMI Usage (ZDI-15-455,ZDI-20-1216)
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "19715: TCP: Java Management Extensions (JMX) JRMI Usage (ZDI-15-455)".
- Description updated.
- Vulnerability references updated.
- Release Date: April 21, 2015
- Last Modified Date: October 06, 2020
36086: HTTP: AWStats Totals multisort Code Injection Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Miscellaneous modification.
- Release Date: September 03, 2019
- Last Modified Date: October 06, 2020
37332: HTTP: Delta Industrial Automation DPB File Parsing GifName Buffer Overflow Vulnerability(ZDI-20-308)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Vulnerability references updated.
- Release Date: March 17, 2020
- Last Modified Date: October 06, 2020
37581: ZDI-CAN-10611: Zero Day Initiative Vulnerability (Fuji Electric Tellus Lite V-Simulator 6)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Miscellaneous modification.
- Release Date: April 14, 2020
- Last Modified Date: October 06, 2020
37585: ZDI-CAN-10675: Zero Day Initiative Vulnerability (Fuji Electric Tellus Lite V-Simulator 6)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Miscellaneous modification.
- Release Date: April 14, 2020
- Last Modified Date: October 06, 2020
Removed Filters: None
Top of the Page
