Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Digital Vaccine #9602

    • Updated:
    • 27 Oct 2021
    • Product/Version:
    • TippingPoint Digital Vaccine
    • Platform:
Summary
Digital Vaccine #9602      October 26, 2021
Details
Public
Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs.

New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com.
 
System Requirements
The 3.2.0 DV will run on IPS devices with TOS v3.2.0 and above,  and all TPS systems. The 4.0.0 DV will only run on the Virtual Threat Protection System (vTPS) appliance. Please note that vTPS does not currently support pre-disclosed ZDI filters.
 
The Digital Vaccine can be manually downloaded from the following URLs:
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_9602.pkg
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_9602.pkg

Update Details

Table of Contents
--------------------------

Filters
 New Filters - 15
 Modified Filters (logic changes) - 10
 Modified Filters (metadata changes only) - 3
 Removed Filters - 0

Filters
----------------
  New Filters: 

    40396: HTTP: Centreon KnowledgeBase Proxy ProceduresProxy.class.php SQL Injection Vulnerability
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an SQL injection vulnerability in Centreon.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-37558 CVSS 7.5
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: October 26, 2021

    40407: HTTP: WordPress Popup Plugin XSS Vulnerability
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: High
      - Description: This filter detects an attempt to exploit a cross-site scripting vulnerability in WordPress Popup plugin.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-24275
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: October 26, 2021

    40416: HTTP: Foxit PDF Reader Annotation richDefaults Use-After-Free Vulnerability (ZDI-21-930)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Foxit Reader.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-34848 CVSS 7.8
        - Zero Day Initiative: ZDI-21-930
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Client Application
      - Release Date: October 26, 2021

    40417: HTTP: Atlassian Confluence Server S Endpoint Information Disclosure Vulnerability
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: High
      - Description: This filter detects an attempt to exploit an information disclosure vulnerability in Atlassian Confluence Server.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-26085 CVSS 5.0
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: October 26, 2021

    40423: HTTP: Delta Industrial Automation DIAEnergie Arbitrary File Upload Vulnerability
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an arbitrary file upload vulnerability in Delta Industrial Automation DIAEnergie.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-32955
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Windows Server Application or Service
      - Release Date: October 26, 2021

    40424: HTTP: Zoho ManageEngine UserConfigurationAction Cross-Site Scripting Vulnerability
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a stored cross-site scripting in Zoho ManageEngine.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-31813
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: October 26, 2021

    40425: ZDI-CAN-14643: Zero Day Initiative Vulnerability (Siemens Simcenter)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Siemens Simcenter.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: October 26, 2021

    40426: ZDI-CAN-14644: Zero Day Initiative Vulnerability (Siemens Simcenter)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Siemens Simcenter.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: October 26, 2021

    40432: ZDI-CAN-14645: Zero Day Initiative Vulnerability (Siemens Simcenter)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Siemens Simcenter.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: October 26, 2021

    40433: ZDI-CAN-14646: Zero Day Initiative Vulnerability (Siemens Simcenter)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Siemens Simcenter.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: October 26, 2021

    40434: ZDI-CAN-14679: Zero Day Initiative Vulnerability (Siemens Simcenter)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Siemens Simcenter.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: October 26, 2021

    40435: ZDI-CAN-14683: Zero Day Initiative Vulnerability (Siemens Simcenter)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Siemens Simcenter.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: October 26, 2021

    40436: ZDI-CAN-14684: Zero Day Initiative Vulnerability (Siemens Simcenter)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Siemens Simcenter.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: October 26, 2021

    40437: ZDI-CAN-14754: Zero Day Initiative Vulnerability (Siemens Simcenter)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Siemens Simcenter.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: October 26, 2021

    40438: ZDI-CAN-14755: Zero Day Initiative Vulnerability (Siemens Simcenter)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Siemens Simcenter.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: October 26, 2021

  Modified Filters (logic changes):
    * = Enabled in Default deployments

    1576: Backdoor: Back Orifice Communications
      - IPS Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Release Date: December 31, 2005
      - Last Modified Date: October 26, 2021

    3972: HTTP: Windows Executable Download
      - IPS Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Release Date: December 31, 2005
      - Last Modified Date: October 26, 2021

    * 27844: HTTP: Microsoft Office and WordPad RTF OLE2Link Memory Corruption Vulnerability
      - IPS Version: 3.1.3 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Release Date: May 30, 2017
      - Last Modified Date: October 26, 2021

    * 28905: HTTP: IBM Informix Dynamic Server index.php testconn Buffer Overflow Vulnerability
      - IPS Version: 3.1.3 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Release Date: July 04, 2017
      - Last Modified Date: October 26, 2021

    39747: HTTP: Siemens Solid Edge Viewer JT File Parsing Out-Of-Bounds Read Vulnerability (ZDI-21-1117)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "39747: ZDI-CAN-13565: Zero Day Initiative Vulnerability (Siemens Solid Edge Viewer)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: May 25, 2021
      - Last Modified Date: October 26, 2021

    39749: HTTP: Siemens Solid Edge Viewer JT File Parsing Out-Of-Bounds Read Vulnerability (ZDI-21-1118)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "39749: ZDI-CAN-13703: Zero Day Initiative Vulnerability (Siemens Solid Edge Viewer)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: May 25, 2021
      - Last Modified Date: October 26, 2021

    39751: HTTP: Fatek Automation WinProladder PDW File Parsing Out-Of-Bounds Read Vulnerability (ZDI-21-1171)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "39751: ZDI-CAN-13744: Zero Day Initiative Vulnerability (Fatek Automation WinProladder)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: May 25, 2021
      - Last Modified Date: October 26, 2021

    39753: HTTP: Fatek Automation WinProladder PDW File Parsing Use-After-Free Vulnerability (ZDI-21-1170)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "39753: ZDI-CAN-13743: Zero Day Initiative Vulnerability (Fatek Automation WinProladder)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: May 25, 2021
      - Last Modified Date: October 26, 2021

    39827: HTTP: Fatek Automation WinProladder PDW File Parsing Out-Of-Bounds Write Vulnerability (ZDI-21-1176)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "39827: ZDI-CAN-13905: Zero Day Initiative Vulnerability (Fatek Automation WinProladder)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: June 08, 2021
      - Last Modified Date: October 26, 2021

    39828: HTTP: Fatek Automation WinProladder PDW File Parsing Memory Corruption Vulnerability (ZDI-21-1174)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "39828: ZDI-CAN-13903: Zero Day Initiative Vulnerability (Fatek Automation WinProladder)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: June 08, 2021
      - Last Modified Date: October 26, 2021

  Modified Filters (metadata changes only):
    * = Enabled in Default deployments

    1125: HTTP: ../.. Directory Traversal
      - IPS Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Release Date: December 31, 2005
      - Last Modified Date: October 26, 2021

    * 19379: HTTP: Red Hat Package Manager CPIO Header Buffer Overflow Vulnerability
      - IPS Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Miscellaneous modification.
      - Release Date: February 17, 2015
      - Last Modified Date: October 26, 2021

    * 32341: RPC: Advantech Webaccess webvrpcs Directory Traversal Vulnerability (ZDI-18-024)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Vulnerability references updated.
      - Release Date: July 10, 2018
      - Last Modified Date: October 26, 2021

  Removed Filters: None


Top of the Page
Premium
Internal
Partner
Rating:
Category:
Configure; Troubleshoot; Deploy
Solution Id:
TP000289524
Feedback
Did this article help you?

Thank you for your feedback!


*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.