{"vulnerability": "CVE-2021-3720", "sightings": [{"uuid": "c6e11e4f-313f-4b69-b5cc-e938a30363eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-37204", "type": "published-proof-of-concept", "source": "https://t.me/ics_cert/517", "content": "\u0632\u06cc\u0645\u0646\u0633 \u0627\u0635\u0644\u0627\u062d\u06cc\u0647\u200c\u0647\u0627\u06cc\u06cc \u0631\u0627 \u0628\u0631\u0627\u06cc \u062a\u0639\u062f\u0627\u062f\u06cc \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u062c\u062f\u06cc \u0627\u0639\u0644\u0627\u0645 \u06a9\u0631\u062f\u0647 \u0627\u0633\u062a \u06a9\u0647 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u0646\u062f \u0628\u0631\u0627\u06cc RCE (\u0627\u062c\u0631\u0627\u06cc \u06a9\u062f \u0627\u0632 \u0631\u0627\u0647 \u062f\u0648\u0631) \u0628\u0631\u062e\u06cc \u0627\u0632 \u0645\u062d\u0635\u0648\u0644\u0627\u062a SIMATIC \u062e\u0648\u062f \u0645\u0648\u0631\u062f \u0633\u0648\u0621 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0642\u0631\u0627\u0631 \u06af\u06cc\u0631\u0646\u062f.\n\n \u062f\u0631 \u0631\u0648\u0632 \u0633\u0647\u200c\u0634\u0646\u0628\u0647 \u06f9 \u062a\u0648\u0635\u06cc\u0647 \u0628\u0631\u0627\u06cc \u0631\u0633\u06cc\u062f\u06af\u06cc \u0628\u0647 \u06f2\u06f7 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0645\u0646\u062a\u0634\u0631 \u06a9\u0631\u062f.  \u06cc\u06a9\u06cc \u0627\u0632 \u0627\u06cc\u0646 \u062a\u0648\u0635\u06cc\u0647\u200c\u0647\u0627 \u0628\u0631\u0627\u06cc \u0633\u0647 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0628\u0633\u06cc\u0627\u0631 \u0645\u0647\u0645 \u0627\u0633\u062a \u06a9\u0647 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u062f \u062a\u0648\u0633\u0637 \u06cc\u06a9 \u0645\u0647\u0627\u062c\u0645 \u0627\u0632 \u0631\u0627\u0647 \u062f\u0648\u0631 \u0648 \u0627\u062d\u0631\u0627\u0632 \u0647\u0648\u06cc\u062a \u0646\u0634\u062f\u0647 \u0628\u0631\u0627\u06cc \u0631\u0627\u0647\u200c\u0627\u0646\u062f\u0627\u0632\u06cc \u062d\u0645\u0644\u0627\u062a \u0627\u0646\u06a9\u0627\u0631 \u0633\u0631\u0648\u06cc\u0633 (DoS) \u0639\u0644\u06cc\u0647 \u0628\u0631\u062e\u06cc \u0645\u062d\u0635\u0648\u0644\u0627\u062a \u0632\u06cc\u0645\u0646\u0633 PLC (\u06a9\u0646\u062a\u0631\u0644\u200c\u06a9\u0646\u0646\u062f\u0647\u200c\u0647\u0627\u06cc \u0645\u0646\u0637\u0642\u06cc \u0642\u0627\u0628\u0644 \u0628\u0631\u0646\u0627\u0645\u0647\u200c\u0631\u06cc\u0632\u06cc) \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0634\u0648\u062f.\n \u062f\u0631 \u06cc\u06a9 \u0645\u062d\u06cc\u0637 \u0635\u0646\u0639\u062a\u06cc \u062f\u0631 \u062f\u0646\u06cc\u0627\u06cc \u0648\u0627\u0642\u0639\u06cc\u060c \u062e\u0631\u0627\u0628\u06cc PLC \u0645\u06cc \u062a\u0648\u0627\u0646\u062f \u062a\u0623\u062b\u06cc\u0631 \u062c\u062f\u06cc \u062f\u0627\u0634\u062a\u0647 \u0628\u0627\u0634\u062f \u0648 \u0628\u0627\u0639\u062b \u0642\u0637\u0639\u06cc \u0642\u0627\u0628\u0644 \u062a\u0648\u062c\u0647\u06cc \u0634\u0648\u062f.\n\n \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0647\u0627\u06cc \u0632\u06cc\u0645\u0646\u0633 SIMATIC S7-1200 \u0648 S7-1500 PLC\u060c SIMATIC Drive Controller\u060c ET 200SP Open Controller\u060c S7-1500 Software Controller\u060c SIMATIC S7-PLCSIM Advanced\u060c TIM 1531 IRC \u0645\u0627\u0698\u0648\u0644 \u0627\u0631\u062a\u0628\u0627\u0637\u06cc \u0648 SIPLUS \u0627\u0639\u0644\u0627\u0645 \u06a9\u0631\u062f\u0646\u062f \u06a9\u0647 \u0628\u0631 \u0645\u062d\u0635\u0648\u0644\u0627\u062a \u0627\u0641\u0631\u0627\u0637\u06cc \u062e\u0648\u062f \u062a\u0623\u062b\u06cc\u0631 \u0645\u06cc \u06af\u0630\u0627\u0631\u062f.\n \u06af\u0627\u0626\u0648 \u062c\u06cc\u0627\u0646\u060c \u0645\u062d\u0642\u0642 \u0627\u0645\u0646\u06cc\u062a\u06cc ICS \u0645\u06cc\u200c\u06af\u0648\u06cc\u062f \u06a9\u0647 \u062a\u0646\u0647\u0627 \u062a\u0639\u062f\u0627\u062f \u06a9\u0645\u06cc \u0627\u0632 \u0647\u0634\u062a \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u06af\u0632\u0627\u0631\u0634 \u0634\u062f\u0647 \u0648\u062c\u0648\u062f \u062f\u0627\u0631\u062f\u060c \u062f\u0631 \u062d\u0627\u0644\u06cc \u06a9\u0647 \u0645\u0633\u0627\u0626\u0644 \u062f\u06cc\u06af\u0631 \u062f\u0631 \u062d\u0627\u0644 \u0628\u0631\u0631\u0633\u06cc \u0647\u0633\u062a\u0646\u062f.  \u06af\u0627\u0626\u0648 \u062c\u06cc\u0627\u0646 \u062f\u0631 \u06cc\u06a9 github \u0645\u0646\u062a\u0634\u0631 \u06a9\u0631\u062f \u06a9\u0647 \u0627\u0648 \u0634\u0631\u0648\u0639 \u0628\u0647 \u06af\u0632\u0627\u0631\u0634 \u06cc\u0627\u0641\u062a\u0647\u200c\u0647\u0627 \u0628\u0647 \u0632\u06cc\u0645\u0646\u0633 \u062f\u0631 \u0622\u06af\u0648\u0633\u062a 2021 \u06a9\u0631\u062f \u06a9\u0647 \u0622\u0646 \u0631\u0627 S7+:Crash \u0646\u0627\u0645\u06cc\u062f \u06a9\u0647 \u0645\u0631\u0628\u0648\u0637 \u0628\u0647 \u067e\u0631\u0648\u062a\u06a9\u0644 \u0627\u0631\u062a\u0628\u0627\u0637\u06cc OMS+ \u0645\u0648\u0631\u062f \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0645\u062d\u0635\u0648\u0644\u0627\u062a \u0632\u06cc\u0645\u0646\u0633 \u0627\u0633\u062a.\n\n S7+: Crash \u0645\u06cc \u062a\u0648\u0627\u0646\u062f \u062a\u0648\u0633\u0637 \u06cc\u06a9 \u0639\u0627\u0645\u0644 \u062a\u0647\u062f\u06cc\u062f \u0628\u0627 \u062f\u0633\u062a\u0631\u0633\u06cc \u0628\u0647 \u062f\u0633\u062a\u06af\u0627\u0647 \u0645\u0648\u0631\u062f \u0646\u0638\u0631 \u062f\u0631 \u067e\u0648\u0631\u062a TCP 102 \u0645\u0648\u0631\u062f \u0633\u0648\u0621 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0642\u0631\u0627\u0631 \u06af\u06cc\u0631\u062f.  \u0627\u06af\u0631 PLC \u0628\u0647 \u062f\u0644\u06cc\u0644 \u067e\u06cc\u06a9\u0631\u0628\u0646\u062f\u06cc \u0627\u0634\u062a\u0628\u0627\u0647 \u062f\u0631 \u0645\u0639\u0631\u0636 \u062f\u06cc\u062f \u0642\u0631\u0627\u0631 \u06af\u06cc\u0631\u062f\u060c \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0645\u0633\u062a\u0642\u06cc\u0645 \u0627\u0632 \u0627\u06cc\u0646\u062a\u0631\u0646\u062a \u0646\u06cc\u0632 \u0645\u0645\u06a9\u0646 \u0627\u0633\u062a \u0627\u0645\u06a9\u0627\u0646 \u067e\u0630\u06cc\u0631 \u0628\u0627\u0634\u062f.\n\n RCE:\n CVE-2021-37185\n CVE-2021-37204\n CVE-2021-37205\n \u0644\u06cc\u0646\u06a9 \u062e\u0628\u0631:\n https://bit.ly/3BixbpQ\n https://bit.ly/3LvHTxR\n https://bit.ly/3HNL5CO\n\n\n #OT#ICS #\u0632\u06cc\u0631\u0633\u0627\u062e\u062a_\u0628\u062d\u0631\u0627\u0646\u06cc #\u0627\u0646\u0631\u0698\u06cc #\u0627\u062a\u0648\u0645\u0627\u0633\u06cc\u0648\u0646 #PLC #\u0632\u06cc\u0645\u0646\u0633 #RCE #\u0622\u0633\u06cc\u0628_\u067e\u0630\u06cc\u0631\u06cc #\u0632\u06cc\u0631\u0633\u0627\u062e\u062a \n\n\ud83d\udc6e\u200d\u2640\ufe0f\ud83d\udc6e\u200d\u2640\ufe0f \u0628\u0627\u0632\u0646\u0634\u0631 \u0645\u0637\u0627\u0644\u0628 \u0627\u06cc\u0646 \u06a9\u0627\u0646\u0627\u0644 \u0635\u0631\u0641\u0627 \u0628\u0627 \u0630\u06a9\u0631 \u0645\u0646\u0628\u0639 \u0648 \u0622\u062f\u0631\u0633 \u06a9\u0627\u0645\u0644 \u06a9\u0627\u0646\u0627\u0644 \u0645\u062c\u0627\u0632 \u0645\u06cc\u0628\u0627\u0634\u062f.\n\n\ud83c\udfed\u0648\u0628\u0633\u0627\u06cc\u062a \u0648 \u06a9\u0627\u0646\u0627\u0644 \u062a\u062e\u0635\u0635\u06cc \u0627\u0645\u0646\u06cc\u062a \u0632\u06cc\u0631\u0633\u0627\u062e\u062a\u0647\u0627\u06cc \u0627\u062a\u0648\u0645\u0627\u0633\u06cc\u0648\u0646 \u0648 \u06a9\u0646\u062a\u0631\u0644 \u0635\u0646\u0639\u062a\u06cc\n\n\u0627\u062f\u0645\u06cc\u0646:\nhttps://t.me/pedram_kiani\n\u06a9\u0627\u0646\u0627\u0644 \u062a\u0644\u06af\u0631\u0627\u0645:\nhttps://t.me/ics_cert", "creation_timestamp": "2022-02-14T16:20:30.000000Z"}, {"uuid": "0ca5dfc0-213d-48a0-ae88-28493fe6c450", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-37205", "type": "published-proof-of-concept", "source": "https://t.me/ics_cert/517", "content": "\u0632\u06cc\u0645\u0646\u0633 \u0627\u0635\u0644\u0627\u062d\u06cc\u0647\u200c\u0647\u0627\u06cc\u06cc \u0631\u0627 \u0628\u0631\u0627\u06cc \u062a\u0639\u062f\u0627\u062f\u06cc \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u062c\u062f\u06cc \u0627\u0639\u0644\u0627\u0645 \u06a9\u0631\u062f\u0647 \u0627\u0633\u062a \u06a9\u0647 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u0646\u062f \u0628\u0631\u0627\u06cc RCE (\u0627\u062c\u0631\u0627\u06cc \u06a9\u062f \u0627\u0632 \u0631\u0627\u0647 \u062f\u0648\u0631) \u0628\u0631\u062e\u06cc \u0627\u0632 \u0645\u062d\u0635\u0648\u0644\u0627\u062a SIMATIC \u062e\u0648\u062f \u0645\u0648\u0631\u062f \u0633\u0648\u0621 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0642\u0631\u0627\u0631 \u06af\u06cc\u0631\u0646\u062f.\n\n \u062f\u0631 \u0631\u0648\u0632 \u0633\u0647\u200c\u0634\u0646\u0628\u0647 \u06f9 \u062a\u0648\u0635\u06cc\u0647 \u0628\u0631\u0627\u06cc \u0631\u0633\u06cc\u062f\u06af\u06cc \u0628\u0647 \u06f2\u06f7 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0645\u0646\u062a\u0634\u0631 \u06a9\u0631\u062f.  \u06cc\u06a9\u06cc \u0627\u0632 \u0627\u06cc\u0646 \u062a\u0648\u0635\u06cc\u0647\u200c\u0647\u0627 \u0628\u0631\u0627\u06cc \u0633\u0647 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0628\u0633\u06cc\u0627\u0631 \u0645\u0647\u0645 \u0627\u0633\u062a \u06a9\u0647 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u062f \u062a\u0648\u0633\u0637 \u06cc\u06a9 \u0645\u0647\u0627\u062c\u0645 \u0627\u0632 \u0631\u0627\u0647 \u062f\u0648\u0631 \u0648 \u0627\u062d\u0631\u0627\u0632 \u0647\u0648\u06cc\u062a \u0646\u0634\u062f\u0647 \u0628\u0631\u0627\u06cc \u0631\u0627\u0647\u200c\u0627\u0646\u062f\u0627\u0632\u06cc \u062d\u0645\u0644\u0627\u062a \u0627\u0646\u06a9\u0627\u0631 \u0633\u0631\u0648\u06cc\u0633 (DoS) \u0639\u0644\u06cc\u0647 \u0628\u0631\u062e\u06cc \u0645\u062d\u0635\u0648\u0644\u0627\u062a \u0632\u06cc\u0645\u0646\u0633 PLC (\u06a9\u0646\u062a\u0631\u0644\u200c\u06a9\u0646\u0646\u062f\u0647\u200c\u0647\u0627\u06cc \u0645\u0646\u0637\u0642\u06cc \u0642\u0627\u0628\u0644 \u0628\u0631\u0646\u0627\u0645\u0647\u200c\u0631\u06cc\u0632\u06cc) \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0634\u0648\u062f.\n \u062f\u0631 \u06cc\u06a9 \u0645\u062d\u06cc\u0637 \u0635\u0646\u0639\u062a\u06cc \u062f\u0631 \u062f\u0646\u06cc\u0627\u06cc \u0648\u0627\u0642\u0639\u06cc\u060c \u062e\u0631\u0627\u0628\u06cc PLC \u0645\u06cc \u062a\u0648\u0627\u0646\u062f \u062a\u0623\u062b\u06cc\u0631 \u062c\u062f\u06cc \u062f\u0627\u0634\u062a\u0647 \u0628\u0627\u0634\u062f \u0648 \u0628\u0627\u0639\u062b \u0642\u0637\u0639\u06cc \u0642\u0627\u0628\u0644 \u062a\u0648\u062c\u0647\u06cc \u0634\u0648\u062f.\n\n \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0647\u0627\u06cc \u0632\u06cc\u0645\u0646\u0633 SIMATIC S7-1200 \u0648 S7-1500 PLC\u060c SIMATIC Drive Controller\u060c ET 200SP Open Controller\u060c S7-1500 Software Controller\u060c SIMATIC S7-PLCSIM Advanced\u060c TIM 1531 IRC \u0645\u0627\u0698\u0648\u0644 \u0627\u0631\u062a\u0628\u0627\u0637\u06cc \u0648 SIPLUS \u0627\u0639\u0644\u0627\u0645 \u06a9\u0631\u062f\u0646\u062f \u06a9\u0647 \u0628\u0631 \u0645\u062d\u0635\u0648\u0644\u0627\u062a \u0627\u0641\u0631\u0627\u0637\u06cc \u062e\u0648\u062f \u062a\u0623\u062b\u06cc\u0631 \u0645\u06cc \u06af\u0630\u0627\u0631\u062f.\n \u06af\u0627\u0626\u0648 \u062c\u06cc\u0627\u0646\u060c \u0645\u062d\u0642\u0642 \u0627\u0645\u0646\u06cc\u062a\u06cc ICS \u0645\u06cc\u200c\u06af\u0648\u06cc\u062f \u06a9\u0647 \u062a\u0646\u0647\u0627 \u062a\u0639\u062f\u0627\u062f \u06a9\u0645\u06cc \u0627\u0632 \u0647\u0634\u062a \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u06af\u0632\u0627\u0631\u0634 \u0634\u062f\u0647 \u0648\u062c\u0648\u062f \u062f\u0627\u0631\u062f\u060c \u062f\u0631 \u062d\u0627\u0644\u06cc \u06a9\u0647 \u0645\u0633\u0627\u0626\u0644 \u062f\u06cc\u06af\u0631 \u062f\u0631 \u062d\u0627\u0644 \u0628\u0631\u0631\u0633\u06cc \u0647\u0633\u062a\u0646\u062f.  \u06af\u0627\u0626\u0648 \u062c\u06cc\u0627\u0646 \u062f\u0631 \u06cc\u06a9 github \u0645\u0646\u062a\u0634\u0631 \u06a9\u0631\u062f \u06a9\u0647 \u0627\u0648 \u0634\u0631\u0648\u0639 \u0628\u0647 \u06af\u0632\u0627\u0631\u0634 \u06cc\u0627\u0641\u062a\u0647\u200c\u0647\u0627 \u0628\u0647 \u0632\u06cc\u0645\u0646\u0633 \u062f\u0631 \u0622\u06af\u0648\u0633\u062a 2021 \u06a9\u0631\u062f \u06a9\u0647 \u0622\u0646 \u0631\u0627 S7+:Crash \u0646\u0627\u0645\u06cc\u062f \u06a9\u0647 \u0645\u0631\u0628\u0648\u0637 \u0628\u0647 \u067e\u0631\u0648\u062a\u06a9\u0644 \u0627\u0631\u062a\u0628\u0627\u0637\u06cc OMS+ \u0645\u0648\u0631\u062f \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0645\u062d\u0635\u0648\u0644\u0627\u062a \u0632\u06cc\u0645\u0646\u0633 \u0627\u0633\u062a.\n\n S7+: Crash \u0645\u06cc \u062a\u0648\u0627\u0646\u062f \u062a\u0648\u0633\u0637 \u06cc\u06a9 \u0639\u0627\u0645\u0644 \u062a\u0647\u062f\u06cc\u062f \u0628\u0627 \u062f\u0633\u062a\u0631\u0633\u06cc \u0628\u0647 \u062f\u0633\u062a\u06af\u0627\u0647 \u0645\u0648\u0631\u062f \u0646\u0638\u0631 \u062f\u0631 \u067e\u0648\u0631\u062a TCP 102 \u0645\u0648\u0631\u062f \u0633\u0648\u0621 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0642\u0631\u0627\u0631 \u06af\u06cc\u0631\u062f.  \u0627\u06af\u0631 PLC \u0628\u0647 \u062f\u0644\u06cc\u0644 \u067e\u06cc\u06a9\u0631\u0628\u0646\u062f\u06cc \u0627\u0634\u062a\u0628\u0627\u0647 \u062f\u0631 \u0645\u0639\u0631\u0636 \u062f\u06cc\u062f \u0642\u0631\u0627\u0631 \u06af\u06cc\u0631\u062f\u060c \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0645\u0633\u062a\u0642\u06cc\u0645 \u0627\u0632 \u0627\u06cc\u0646\u062a\u0631\u0646\u062a \u0646\u06cc\u0632 \u0645\u0645\u06a9\u0646 \u0627\u0633\u062a \u0627\u0645\u06a9\u0627\u0646 \u067e\u0630\u06cc\u0631 \u0628\u0627\u0634\u062f.\n\n RCE:\n CVE-2021-37185\n CVE-2021-37204\n CVE-2021-37205\n \u0644\u06cc\u0646\u06a9 \u062e\u0628\u0631:\n https://bit.ly/3BixbpQ\n https://bit.ly/3LvHTxR\n https://bit.ly/3HNL5CO\n\n\n #OT#ICS #\u0632\u06cc\u0631\u0633\u0627\u062e\u062a_\u0628\u062d\u0631\u0627\u0646\u06cc #\u0627\u0646\u0631\u0698\u06cc #\u0627\u062a\u0648\u0645\u0627\u0633\u06cc\u0648\u0646 #PLC #\u0632\u06cc\u0645\u0646\u0633 #RCE #\u0622\u0633\u06cc\u0628_\u067e\u0630\u06cc\u0631\u06cc #\u0632\u06cc\u0631\u0633\u0627\u062e\u062a \n\n\ud83d\udc6e\u200d\u2640\ufe0f\ud83d\udc6e\u200d\u2640\ufe0f \u0628\u0627\u0632\u0646\u0634\u0631 \u0645\u0637\u0627\u0644\u0628 \u0627\u06cc\u0646 \u06a9\u0627\u0646\u0627\u0644 \u0635\u0631\u0641\u0627 \u0628\u0627 \u0630\u06a9\u0631 \u0645\u0646\u0628\u0639 \u0648 \u0622\u062f\u0631\u0633 \u06a9\u0627\u0645\u0644 \u06a9\u0627\u0646\u0627\u0644 \u0645\u062c\u0627\u0632 \u0645\u06cc\u0628\u0627\u0634\u062f.\n\n\ud83c\udfed\u0648\u0628\u0633\u0627\u06cc\u062a \u0648 \u06a9\u0627\u0646\u0627\u0644 \u062a\u062e\u0635\u0635\u06cc \u0627\u0645\u0646\u06cc\u062a \u0632\u06cc\u0631\u0633\u0627\u062e\u062a\u0647\u0627\u06cc \u0627\u062a\u0648\u0645\u0627\u0633\u06cc\u0648\u0646 \u0648 \u06a9\u0646\u062a\u0631\u0644 \u0635\u0646\u0639\u062a\u06cc\n\n\u0627\u062f\u0645\u06cc\u0646:\nhttps://t.me/pedram_kiani\n\u06a9\u0627\u0646\u0627\u0644 \u062a\u0644\u06af\u0631\u0627\u0645:\nhttps://t.me/ics_cert", "creation_timestamp": "2022-02-14T16:20:30.000000Z"}, {"uuid": "9b045634-9652-4cf8-a6c7-66ab6c74475a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-37205", "type": "published-proof-of-concept", "source": "https://t.me/true_secator/2622", "content": "\u200b\u200b\u041c\u044b \u043d\u0435\u043e\u0434\u043d\u043e\u043a\u0440\u0430\u0442\u043d\u043e \u0443\u043f\u043e\u043c\u0438\u043d\u0430\u043b\u0438 \u043e\u0431 \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0430\u0442\u0430\u043a \u043d\u0430 \u043f\u0440\u043e\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u044b\u0435 \u0441\u0438\u0441\u0442\u0435\u043c\u044b, \u0432 \u0442\u043e\u043c \u0447\u0438\u0441\u043b\u0435 \u0410\u0421\u0423\u0422\u041f.\n\n\u041d\u0430 \u044d\u0442\u043e\u0439 \u043d\u0435\u0434\u0435\u043b\u0435 Siemens \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u043b\u0438 \u0440\u044f\u0434 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u044b \u0434\u043b\u044f \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0441\u0431\u043e\u044f \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 SIMATIC.\n\n\u0422\u0440\u0438 \u0438\u0437 \u043d\u0438\u0445 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 (CVE-2021-37185, CVE-2021-37204 \u0438 CVE-2021-37205), \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u044b \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u044b\u043c, \u043d\u0435\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u043c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u043e\u043c \u0434\u043b\u044f \u0430\u0442\u0430\u043a \u0442\u0438\u043f\u0430 \u00ab\u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438\u00bb (DoS) \u043d\u0430 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0438\u0440\u0443\u0435\u043c\u044b\u0435 \u043b\u043e\u0433\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440\u044b (PLC) SIMATIC S7-1200 \u0438 S7-1500, \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440 \u043f\u0440\u0438\u0432\u043e\u0434\u0430 SIMATIC, \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u0439 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440 ET 200SP, \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f S7-1500, SIMATIC S7-PLCSIM Advanced, \u043c\u043e\u0434\u0443\u043b\u044c \u0441\u0432\u044f\u0437\u0438 TIM 1531 IRC, \u0430 \u0442\u0430\u043a\u0436\u0435 \u044d\u043a\u0441\u0442\u0440\u0435\u043c\u0430\u043b\u044c\u043d\u044b\u0435 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u044b SIPLUS. \u0411\u0430\u0433\u0438 \u043c\u043e\u0436\u043d\u043e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c, \u043e\u0442\u043f\u0440\u0430\u0432\u0438\u0432 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0435 \u043f\u0430\u043a\u0435\u0442\u044b \u043f\u043e TCP-\u043f\u043e\u0440\u0442\u0443 102 \u043d\u0430 \u0446\u0435\u043b\u0435\u0432\u043e\u0435 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u043e.\n\n\u0412 \u0440\u0435\u0430\u043b\u044c\u043d\u043e\u0439 \u0436\u0438\u0437\u043d\u0438 \u0441\u0431\u043e\u0439 \u041f\u041b\u041a \u043c\u043e\u0436\u0435\u0442 \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0435 \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u0438 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u0430\u0432\u0430\u0440\u0438\u044f\u043c.\n\n\u041e\u0448\u0438\u0431\u043a\u0438 \u0441\u0442\u0430\u043b\u0438 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u043e\u043c \u043f\u0440\u043e\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0441 \u0430\u0432\u0433\u0443\u0441\u0442\u0430 2021 \u0433\u043e\u0434\u0430 \u0440\u0430\u0431\u043e\u0442 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u043c ICS \u0413\u0430\u043e \u0426\u0437\u044f\u043d\u0435\u043c \u0438 \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0438 \u0443\u0441\u043b\u043e\u0432\u043d\u043e\u0435 \u043d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 S7+:Crash. \u0412\u0441\u0435 \u043e\u043d\u0438 \u0441\u0432\u044f\u0437\u0430\u043d\u044b \u0441\u043e \u0441\u0442\u0435\u043a\u043e\u043c \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u043e\u0432 \u0441\u0432\u044f\u0437\u0438 OMS+.\n\n\u041f\u041b\u041a Siemens \u0443\u044f\u0437\u0432\u0438\u043c\u044b \u0434\u043b\u044f \u0442\u0430\u043a\u043e\u0433\u043e \u0442\u0438\u043f\u0430 \u0430\u0442\u0430\u043a, \u0434\u0430\u0436\u0435 \u0435\u0441\u043b\u0438 \u0430\u043a\u0442\u0438\u0432\u0438\u0440\u043e\u0432\u0430\u043d\u0430 \u043e\u043f\u0446\u0438\u044f \u00ab\u043f\u043e\u043b\u043d\u043e\u0439 \u0437\u0430\u0449\u0438\u0442\u044b\u00bb, \u043f\u0440\u0435\u0434\u043d\u0430\u0437\u043d\u0430\u0447\u0435\u043d\u043d\u0430\u044f \u0434\u043b\u044f \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0441\u0432\u044f\u0437\u0438 \u043c\u0435\u0436\u0434\u0443 \u041f\u041b\u041a \u0438 \u041f\u041a \u0438\u043b\u0438 HMI.\n\n\u0414\u043b\u044f \u043f\u043e\u043d\u0438\u043c\u0430\u043d\u0438\u044f \u0442\u043e\u0433\u043e, \u043a\u0430\u043a \u0432 \u0440\u0435\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u0438 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043c\u043e\u0436\u0435\u0442 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e \u043e\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0441\u0442\u0432\u043e, \u043e\u0442\u043a\u043b\u044e\u0447\u0438\u0442\u044c \u044d\u043b\u0435\u043a\u0442\u0440\u0438\u0447\u0435\u0441\u0442\u0432\u043e \u0438\u043b\u0438 \u043f\u0440\u0435\u0434\u043f\u0440\u0438\u043d\u044f\u0442\u044c \u0431\u043e\u043b\u0435\u0435 \u0440\u0430\u0434\u0438\u043a\u0430\u043b\u044c\u043d\u044b\u0435 \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f, \u043f\u0440\u043e\u0441\u0442\u043e \u043e\u0446\u0435\u043d\u0438\u0442\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442 \u0432 \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0438 \u043d\u0430 \u0432\u0438\u0434\u0435\u043e\ud83d\udc47", "creation_timestamp": "2022-02-11T18:48:18.000000Z"}, {"uuid": "1a677a41-d8b3-41e8-b753-e041ae9fa672", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-3720", "type": "seen", "source": "https://t.me/cibsecurity/32341", "content": "\u203c CVE-2021-3720 \u203c\n\nAn information disclosure vulnerability was reported in the Time Weather system widget on Legion Phone Pro (L79031) and Legion Phone2 Pro (L70081) that could allow other applications to access device GPS data.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-13T00:39:24.000000Z"}, {"uuid": "9171ff2f-bbe3-4479-bf86-53e273373332", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-37206", "type": "seen", "source": "https://t.me/cibsecurity/28788", "content": "\u203c CVE-2021-37206 \u203c\n\nA vulnerability has been identified in SIPROTEC 5 relays with CPU variants CP050 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP100 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP200 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP300 (All versions < V8.80). Received webpackets are not properly processed. An unauthenticated remote attacker with access to any of the Ethernet interfaces could send specially crafted packets to force a restart of the target device.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-14T14:21:13.000000Z"}, {"uuid": "0a479e60-db6c-41b1-a67e-a29d8ba5f4ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-37202", "type": "seen", "source": "https://t.me/cibsecurity/28781", "content": "\u203c CVE-2021-37202 \u203c\n\nA vulnerability has been identified in NX 1980 Series (All versions < V1984). The IFC adapter in affected application contains a use-after-free vulnerability that could be triggered while parsing user-supplied IFC files. An attacker could leverage this vulnerability to execute code in the context of the current process.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-14T14:21:00.000000Z"}, {"uuid": "e9411214-c3db-4cb2-914e-1a410b1f5407", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-37200", "type": "seen", "source": "https://t.me/cibsecurity/28779", "content": "\u203c CVE-2021-37200 \u203c\n\nA vulnerability has been identified in SINEC NMS (All versions < V1.0 SP1). An attacker with access to the webserver of an affected system could download arbitrary files from the underlying filesystem by sending a specially crafted HTTP request.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-14T14:20:59.000000Z"}, {"uuid": "9d44092a-b14d-4bde-921b-e197b202d5d7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-37203", "type": "seen", "source": "https://t.me/cibsecurity/28773", "content": "\u203c CVE-2021-37203 \u203c\n\nA vulnerability has been identified in NX 1980 Series (All versions < V1984). The plmxmlAdapterIFC.dll contains an out-of-bounds read while parsing user supplied IFC files which could result in a read past the end of an allocated buffer. This could allow an attacker to cause a denial-of-service condition or read sensitive information from memory locations.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-14T14:20:51.000000Z"}, {"uuid": "f3f1d4f1-ebf3-4848-91e9-e61da6a95a07", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-37201", "type": "seen", "source": "https://t.me/cibsecurity/28771", "content": "\u203c CVE-2021-37201 \u203c\n\nA vulnerability has been identified in SINEC NMS (All versions < V1.0 SP1). The web interface of affected devices is vulnerable to a Cross-Site Request Forgery (CSRF) attack. This could allow an attacker to manipulate the SINEC NMS configuration by tricking an unsuspecting user with administrative privileges to click on a malicious link.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-14T14:20:48.000000Z"}, {"uuid": "b0eb9679-f4cb-409e-bd2c-950a6db5e37f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-37204", "type": "published-proof-of-concept", "source": "https://t.me/true_secator/2622", "content": "\u200b\u200b\u041c\u044b \u043d\u0435\u043e\u0434\u043d\u043e\u043a\u0440\u0430\u0442\u043d\u043e \u0443\u043f\u043e\u043c\u0438\u043d\u0430\u043b\u0438 \u043e\u0431 \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0430\u0442\u0430\u043a \u043d\u0430 \u043f\u0440\u043e\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u044b\u0435 \u0441\u0438\u0441\u0442\u0435\u043c\u044b, \u0432 \u0442\u043e\u043c \u0447\u0438\u0441\u043b\u0435 \u0410\u0421\u0423\u0422\u041f.\n\n\u041d\u0430 \u044d\u0442\u043e\u0439 \u043d\u0435\u0434\u0435\u043b\u0435 Siemens \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u043b\u0438 \u0440\u044f\u0434 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u044b \u0434\u043b\u044f \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0441\u0431\u043e\u044f \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 SIMATIC.\n\n\u0422\u0440\u0438 \u0438\u0437 \u043d\u0438\u0445 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 (CVE-2021-37185, CVE-2021-37204 \u0438 CVE-2021-37205), \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u044b \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u044b\u043c, \u043d\u0435\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u043c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u043e\u043c \u0434\u043b\u044f \u0430\u0442\u0430\u043a \u0442\u0438\u043f\u0430 \u00ab\u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438\u00bb (DoS) \u043d\u0430 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0438\u0440\u0443\u0435\u043c\u044b\u0435 \u043b\u043e\u0433\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440\u044b (PLC) SIMATIC S7-1200 \u0438 S7-1500, \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440 \u043f\u0440\u0438\u0432\u043e\u0434\u0430 SIMATIC, \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u0439 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440 ET 200SP, \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f S7-1500, SIMATIC S7-PLCSIM Advanced, \u043c\u043e\u0434\u0443\u043b\u044c \u0441\u0432\u044f\u0437\u0438 TIM 1531 IRC, \u0430 \u0442\u0430\u043a\u0436\u0435 \u044d\u043a\u0441\u0442\u0440\u0435\u043c\u0430\u043b\u044c\u043d\u044b\u0435 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u044b SIPLUS. \u0411\u0430\u0433\u0438 \u043c\u043e\u0436\u043d\u043e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c, \u043e\u0442\u043f\u0440\u0430\u0432\u0438\u0432 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0435 \u043f\u0430\u043a\u0435\u0442\u044b \u043f\u043e TCP-\u043f\u043e\u0440\u0442\u0443 102 \u043d\u0430 \u0446\u0435\u043b\u0435\u0432\u043e\u0435 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u043e.\n\n\u0412 \u0440\u0435\u0430\u043b\u044c\u043d\u043e\u0439 \u0436\u0438\u0437\u043d\u0438 \u0441\u0431\u043e\u0439 \u041f\u041b\u041a \u043c\u043e\u0436\u0435\u0442 \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0435 \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u0438 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u0430\u0432\u0430\u0440\u0438\u044f\u043c.\n\n\u041e\u0448\u0438\u0431\u043a\u0438 \u0441\u0442\u0430\u043b\u0438 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u043e\u043c \u043f\u0440\u043e\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0441 \u0430\u0432\u0433\u0443\u0441\u0442\u0430 2021 \u0433\u043e\u0434\u0430 \u0440\u0430\u0431\u043e\u0442 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u043c ICS \u0413\u0430\u043e \u0426\u0437\u044f\u043d\u0435\u043c \u0438 \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0438 \u0443\u0441\u043b\u043e\u0432\u043d\u043e\u0435 \u043d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 S7+:Crash. \u0412\u0441\u0435 \u043e\u043d\u0438 \u0441\u0432\u044f\u0437\u0430\u043d\u044b \u0441\u043e \u0441\u0442\u0435\u043a\u043e\u043c \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u043e\u0432 \u0441\u0432\u044f\u0437\u0438 OMS+.\n\n\u041f\u041b\u041a Siemens \u0443\u044f\u0437\u0432\u0438\u043c\u044b \u0434\u043b\u044f \u0442\u0430\u043a\u043e\u0433\u043e \u0442\u0438\u043f\u0430 \u0430\u0442\u0430\u043a, \u0434\u0430\u0436\u0435 \u0435\u0441\u043b\u0438 \u0430\u043a\u0442\u0438\u0432\u0438\u0440\u043e\u0432\u0430\u043d\u0430 \u043e\u043f\u0446\u0438\u044f \u00ab\u043f\u043e\u043b\u043d\u043e\u0439 \u0437\u0430\u0449\u0438\u0442\u044b\u00bb, \u043f\u0440\u0435\u0434\u043d\u0430\u0437\u043d\u0430\u0447\u0435\u043d\u043d\u0430\u044f \u0434\u043b\u044f \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0441\u0432\u044f\u0437\u0438 \u043c\u0435\u0436\u0434\u0443 \u041f\u041b\u041a \u0438 \u041f\u041a \u0438\u043b\u0438 HMI.\n\n\u0414\u043b\u044f \u043f\u043e\u043d\u0438\u043c\u0430\u043d\u0438\u044f \u0442\u043e\u0433\u043e, \u043a\u0430\u043a \u0432 \u0440\u0435\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u0438 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043c\u043e\u0436\u0435\u0442 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e \u043e\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0441\u0442\u0432\u043e, \u043e\u0442\u043a\u043b\u044e\u0447\u0438\u0442\u044c \u044d\u043b\u0435\u043a\u0442\u0440\u0438\u0447\u0435\u0441\u0442\u0432\u043e \u0438\u043b\u0438 \u043f\u0440\u0435\u0434\u043f\u0440\u0438\u043d\u044f\u0442\u044c \u0431\u043e\u043b\u0435\u0435 \u0440\u0430\u0434\u0438\u043a\u0430\u043b\u044c\u043d\u044b\u0435 \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f, \u043f\u0440\u043e\u0441\u0442\u043e \u043e\u0446\u0435\u043d\u0438\u0442\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442 \u0432 \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0438 \u043d\u0430 \u0432\u0438\u0434\u0435\u043e\ud83d\udc47", "creation_timestamp": "2022-02-11T18:48:18.000000Z"}, {"uuid": "b9157d67-e30f-43f7-9da3-bc3aebd3bfa1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-37207", "type": "seen", "source": "https://t.me/cibsecurity/32041", "content": "\u203c CVE-2021-37207 \u203c\n\nA vulnerability has been identified in SENTRON powermanager V3 (All versions). The affected application assigns improper access rights to a specific folder containing configuration files. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-09T14:30:22.000000Z"}, {"uuid": "8690f270-cf6a-470b-94e2-af52136c8b95", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-37205", "type": "seen", "source": "https://t.me/cibsecurity/37082", "content": "\u203c CVE-2021-37205 \u203c\n\nA vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.4), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions >= V4.5.0 < V4.5.2), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.9.2 < V2.9.4), SIMATIC S7-1500 Software Controller (All versions), SIMATIC S7-PLCSIM Advanced (All versions), TIM 1531 IRC (incl. SIPLUS NET variants) (All versions >= V2.2). An unauthenticated attacker could cause a denial-of-service condition in a PLC when sending specially prepared packets over port 102/tcp. A restart of the affected device is needed to restore normal operations.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-09T18:13:16.000000Z"}]}