Digital Vaccine #9593

    • Updated: 28 Sep 2021
    • Product/Version: TippingPoint Digital Vaccine
Summary
Digital Vaccine #9593 - September 28, 2021
Details
Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs.

New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com.
 
System Requirements
The 3.2.0 DV will run on IPS devices with TOS v3.2.0 and above, and on all TPS systems. The 4.0.0 DV will only run on the Virtual Threat Protection System (vTPS) appliance. Please note that vTPS does not currently support pre-disclosed ZDI filters.
 
The Digital Vaccine can be manually downloaded from the following URLs:
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_9593.pkg
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_9593.pkg

Update Details

Table of Contents
--------------------------

Filters
 New Filters - 10
 Modified Filters (logic changes) - 16
 Modified Filters (metadata changes only) - 1
 Removed Filters - 0

Filters
----------------
  New Filters: 

    40348: HTTP: Delta Industrial Automation DIAEnergie Handler_CFG.aspx SQL Injection Vulnerability
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a SQL injection vulnerability in Delta Industrial Automation DIAEnergie.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-32983
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Windows Server Application or Service
      - Release Date: September 28, 2021

    40350: HTTP: Centreon componentTemplates.php compo_id SQL Injection Vulnerability
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a SQL injection vulnerability in Centreon.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: September 28, 2021

    40351: HTTP: Spring Boot logview Directory Traversal Vulnerability
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: High
      - Description: This filter detects an attempt to exploit a directory traversal vulnerability in Spring Boot.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-21234
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: September 28, 2021

    40352: HTTP: Tiny Tiny RSS af_proxy_http Remote Code Execution Vulnerability
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a remote code execution vulnerability in Tiny Tiny RSS.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-25787 CVSS 9.8, CVE-2020-25788 CVSS 8.1, CVE-2020-25789 CVSS 6.1
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Client Application
      - Release Date: September 28, 2021

    40353: ZDI-CAN-14887,15138,15139,15140: Zero Day Initiative Vulnerability (Trend Micro Apex One)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform or TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter protects against exploitation of a zero-day vulnerability affecting Trend Micro Apex One.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: September 28, 2021

    40356: ZDI-CAN-14978: Zero Day Initiative Vulnerability (Microsoft SharePoint)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter protects against exploitation of a zero-day vulnerability affecting Microsoft SharePoint.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: September 28, 2021

    40357: ZDI-CAN-14805: Zero Day Initiative Vulnerability (Cisco Data Center Network Manager)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform or TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Cisco Data Center Network Manager.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: September 28, 2021

    40358: HTTP: Nagios XI Manage My Dashboards Page Stored Cross-Site Scripting Vulnerability 
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a cross-site scripting vulnerability in Nagios XI.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-38156
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: September 28, 2021

    40360: SMTP: Apple macOS Finder .inetloc File Parsing Remote Code Execution Vulnerability
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a code execution vulnerability in Apple macOS.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Vulnerability - Other
      - Protocol: SMTP
      - Platform: MacOS Client Application
      - Release Date: September 28, 2021

    40361: HTTP: VMware vCenter Analytics service File Upload
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Moderate
      - Description: This filter detects an attempt to upload a file to VMware vCenter.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-22005
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: September 28, 2021

  Modified Filters (logic changes):
    * = Enabled in Default deployments

    22622: HTTP: ThinkPHP Framework Code Injection Vulnerability
      - IPS Version: 3.1.3 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.
      - Release Date: February 02, 2016
      - Last Modified Date: September 28, 2021

    37250: HTTP: Apache Solr VelocityResponseWriter Code Execution Vulnerability
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: March 03, 2020
      - Last Modified Date: September 28, 2021

    39317: HTTP: Siemens JT2Go DGN File Parsing Use-After-Free Vulnerability (ZDI-21-990)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "39317: ZDI-CAN-13468: Zero Day Initiative Vulnerability (Siemens JT2Go)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: March 30, 2021
      - Last Modified Date: September 28, 2021

    39328: HTTP: Siemens JT2Go DGN File Parsing Out-Of-Bounds Write Vulnerability (ZDI-21-989)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "39328: ZDI-CAN-13417: Zero Day Initiative Vulnerability (Siemens JT2Go)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: March 30, 2021
      - Last Modified Date: September 28, 2021

    39330: HTTP: Siemens JT2Go DXF File Parsing Out-Of-Bounds Read Vulnerability (ZDI-21-988)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "39330: ZDI-CAN-13415: Zero Day Initiative Vulnerability (Siemens JT2Go)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: March 30, 2021
      - Last Modified Date: September 28, 2021

    39600: HTTP: Delta Industrial Automation DOPSoft TBK Buffer Overflow Vulnerability (ZDI-21-1059)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "39600: ZDI-CAN-12877: Zero Day Initiative Vulnerability (Delta Industrial Automation DOPSoft)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: April 27, 2021
      - Last Modified Date: September 28, 2021

    39602: HTTP: Schneider Electric Struxureware Data Center Directory Traversal Vulnerability (ZDI-21-1071)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "39602: ZDI-CAN-13077: Zero Day Initiative Vulnerability (Schneider Electric Struxureware)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: April 27, 2021
      - Last Modified Date: September 28, 2021

    39626: HTTP: Autodesk Navisworks DWG File Parsing Out-Of-Bounds Read Vulnerability (ZDI-21-1060)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "39626: ZDI-CAN-13714: Zero Day Initiative Vulnerability (AutoDesk Navisworks)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: May 04, 2021
      - Last Modified Date: September 28, 2021

    39627: HTTP: Autodesk Navisworks PDF File Parsing Out-Of-Bounds Read Vulnerability (ZDI-21-1061)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "39627: ZDI-CAN-13715: Zero Day Initiative Vulnerability (AutoDesk Navisworks)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: May 04, 2021
      - Last Modified Date: September 28, 2021

    39629: HTTP: Autodesk Navisworks PDF File Parsing Memory Corruption Vulnerability (ZDI-21-1063)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "39629: ZDI-CAN-13717: Zero Day Initiative Vulnerability (AutoDesk Navisworks)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: May 04, 2021
      - Last Modified Date: September 28, 2021

    39630: HTTP: Autodesk Navisworks PDF File Parsing Out-Of-Bounds Read Vulnerability (ZDI-21-1064)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "39630: ZDI-CAN-13718: Zero Day Initiative Vulnerability (AutoDesk Navisworks)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: May 04, 2021
      - Last Modified Date: September 28, 2021

    39631: HTTP: Autodesk Navisworks DWG File Parsing Out-Of-Bounds Write Vulnerability (ZDI-21-1065)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "39631: ZDI-CAN-13719: Zero Day Initiative Vulnerability (AutoDesk Navisworks)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: May 04, 2021
      - Last Modified Date: September 28, 2021

    39635: HTTP: Apache Tapestry ClasspathAssetRequestHandler Information Disclosure Vulnerability
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: May 04, 2021
      - Last Modified Date: September 28, 2021

    39678: HTTP: Schneider Electric Struxureware Data Center Command Injection Vulnerability (ZDI-21-107)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "39678: ZDI-CAN-13553: Zero Day Initiative Vulnerability (Schneider Electric Struxureware)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: May 11, 2021
      - Last Modified Date: September 28, 2021

    39872: HTTP: Siemens Simcenter STAR-CCM+ SCE File Parsing Out-Of-Bounds Write Vulnerability (ZDI-21-1074)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "39872: ZDI-CAN-13700: Zero Day Initiative Vulnerability (Siemens Simcenter Star-CCM+)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: June 15, 2021
      - Last Modified Date: September 28, 2021

    39899: HTTP: Autodesk FBX Review FBX File Parsing Out-Of-Bounds Write Vulnerability (ZDI-21-1067)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "39899: ZDI-CAN-14036: Zero Day Initiative Vulnerability (AutoDesk FBX)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: June 29, 2021
      - Last Modified Date: September 28, 2021

  Modified Filters (metadata changes only):
    * = Enabled in Default deployments

    38931: HTTP: Schneider Electric C-Bus Toolkit ACCESS SAVE Directory Traversal Vulnerability (ZDI-21-447)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Vulnerability references updated.
      - Release Date: February 23, 2021
      - Last Modified Date: September 28, 2021

  Removed Filters: None


Category: Configure; Troubleshoot; Deploy
Solution Id: TP000289119