{"vulnerability": "cve-2024-3736", "sightings": [{"uuid": "f5e9a36b-e345-40f6-8927-6136766dd1de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37369", "type": "seen", "source": "https://t.me/true_secator/5858", "content": "Rockwell Automation \u0441\u043e\u043e\u0431\u0449\u0430\u0435\u0442 \u043e\u0431 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0438 \u0442\u0440\u0435\u0445 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 \u0441\u0432\u043e\u0435\u043c \u041f\u041e HMI FactoryTalk View Site Edition (SE), \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u0432 \u0432\u0435\u0440\u0441\u0438\u044e 14.\n\n\u041e\u0434\u0438\u043d \u0438\u0437 \u043d\u0438\u0445, CVE-2024-37368, \u043e\u043f\u0438\u0441\u044b\u0432\u0430\u0435\u0442\u0441\u044f \u043a\u0430\u043a \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u0443\u0442\u0435\u0447\u043a\u0435 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044e \u0438\u0437 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0441 FTView \u043e\u0442\u043f\u0440\u0430\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440 \u043a\u043b\u0438\u0435\u043d\u0442\u0430 \u0434\u043b\u044f \u043f\u0440\u043e\u0441\u043c\u043e\u0442\u0440\u0430 \u043f\u0440\u043e\u0435\u043a\u0442\u0430 HMI.\n\n\u0418\u0437-\u0437\u0430 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u044f \u043d\u0430\u0434\u043b\u0435\u0436\u0430\u0449\u0435\u0439 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u044d\u0442\u043e \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u0440\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u043e \u0431\u0435\u0437 \u043d\u0430\u0434\u043b\u0435\u0436\u0430\u0449\u0435\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438.\n\n\u0412\u0442\u043e\u0440\u0430\u044f \u0434\u044b\u0440\u0430 \u0432 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, CVE-2024-37367, \u0438\u043c\u0435\u0435\u0442 \u0430\u043d\u0430\u043b\u043e\u0433\u0438\u0447\u043d\u043e\u0435 \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0435, \u0430 \u0442\u0440\u0435\u0442\u044c\u044f \u0432 FactoryTalk View SE, CVE-2024-37369, \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0441\u043e\u0431\u043e\u0439 \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u0443\u044e EoP.\n\n\u041e\u043d\u0430 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u0441 \u043d\u0438\u0437\u043a\u0438\u043c \u0443\u0440\u043e\u0432\u043d\u0435\u043c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u0440\u0435\u0434\u0430\u043a\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0441\u0446\u0435\u043d\u0430\u0440\u0438\u0438, \u043e\u0431\u0445\u043e\u0434\u044f \u0441\u043f\u0438\u0441\u043a\u0438 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u0438 \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u043f\u043e\u043b\u0443\u0447\u0430\u044f \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u0432\u043d\u0443\u0442\u0440\u0438 \u0441\u0438\u0441\u0442\u0435\u043c\u044b.\n\n\u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, \u043d\u0430 \u044d\u0442\u043e\u0439 \u043d\u0435\u0434\u0435\u043b\u0435 Rockwell \u0442\u0430\u043a\u0436\u0435 \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0434\u0438\u043b\u0430 \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432 \u043e\u0431 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044e\u0449\u0435\u0439 \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0438\u0437 \u0435\u0435 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440\u043e\u0432 ControlLogix, GuardLogix \u0438 CompactLogix.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u0442\u043e\u043c\u0443, \u0447\u0442\u043e \u0432\u0441\u0435 \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u0442\u044b\u0435 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440\u044b \u0432 \u043e\u0434\u043d\u043e\u0439 \u0441\u0435\u0442\u0438 \u0432\u043e\u0439\u0434\u0443\u0442 \u0432 \u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u043d\u0435\u0443\u0441\u0442\u0440\u0430\u043d\u0438\u043c\u043e\u0439 \u043d\u0435\u0438\u0441\u043f\u0440\u0430\u0432\u043d\u043e\u0441\u0442\u0438 \u0447\u0435\u0440\u0435\u0437 \u043e\u0442\u043f\u0440\u0430\u0432\u043a\u0443 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0445 \u043f\u0430\u043a\u0435\u0442\u043e\u0432 \u043d\u0430 \u043f\u043e\u0440\u0442 mDNS.\n\n\u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f Rockwell Automation \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u0443\u0432\u0435\u0434\u043e\u043c\u043b\u0435\u043d\u0438\u0435 \u043f\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u043f\u0440\u0438\u0437\u044b\u0432\u0430\u044f\u044f \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432 \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0438\u0442\u044c \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u0430  \u0441\u0438\u0441\u0442\u0435\u043c ICS \u043a \u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442\u0443 \u0434\u0430\u0431\u044b \u043a\u0443\u043f\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0438\u043c\u0435\u044e\u0449\u0438\u0435\u0441\u044f \u043a\u0438\u0431\u0435\u0440\u0443\u0433\u0440\u043e\u0437\u044b.", "creation_timestamp": "2024-06-14T17:53:06.000000Z"}, {"uuid": "b4a02c3b-ae42-4665-9443-f357d5951414", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37365", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-317-03", "content": "", "creation_timestamp": "2024-11-12T12:00:00.000000Z"}, {"uuid": "f421e9a2-73e8-4d1d-b436-9b6410514501", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37361", "type": "seen", "source": "https://bsky.app/profile/andranglin.bsky.social/post/3livuytkh3k2a", "content": "", "creation_timestamp": "2025-02-24T08:01:01.254931Z"}, {"uuid": "b5f7c146-1e1b-4599-953f-7a518d948598", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37365", "type": "seen", "source": "https://t.me/cvedetector/10628", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-37365 - Microsoft Office Remote Code Execution Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-37365 \nPublished : Nov. 12, 2024, 3:15 p.m. | 42\u00a0minutes ago \nDescription : A remote code execution vulnerability exists in the affected  \nproduct. The vulnerability allows users to save projects within the public  \ndirectory allowing anyone with local access to modify and/or delete files. Additionally,  \na malicious user could potentially leverage this vulnerability to escalate  \ntheir privileges by changing the macro to execute arbitrary code. \nSeverity: 7.3 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-12T17:12:50.000000Z"}, {"uuid": "431df205-29b0-4d08-9d8f-02a2c9147c3c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37361", "type": "seen", "source": "https://t.me/CyberBulletin/2381", "content": "\u26a1CVE-2024-37361 (CVSS 9.9): Critical Vulnerability in Pentaho Business Analytics Server.\n\n#CyberBulletin", "creation_timestamp": "2025-02-23T06:18:58.000000Z"}, {"uuid": "33bcc734-b69c-4cc0-ac4a-c97d4eabb822", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37361", "type": "seen", "source": "https://t.me/CyberBulletin/2379", "content": "\u26a1CVE-2024-37361 (CVSS 9.9): Critical Vulnerability in Pentaho Business Analytics Server.\n\n#CyberBulletin", "creation_timestamp": "2025-02-23T06:02:33.000000Z"}, {"uuid": "2964d8d0-002a-440e-8145-4689544fa1e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37367", "type": "seen", "source": "https://t.me/true_secator/5858", "content": "Rockwell Automation \u0441\u043e\u043e\u0431\u0449\u0430\u0435\u0442 \u043e\u0431 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0438 \u0442\u0440\u0435\u0445 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 \u0441\u0432\u043e\u0435\u043c \u041f\u041e HMI FactoryTalk View Site Edition (SE), \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u0432 \u0432\u0435\u0440\u0441\u0438\u044e 14.\n\n\u041e\u0434\u0438\u043d \u0438\u0437 \u043d\u0438\u0445, CVE-2024-37368, \u043e\u043f\u0438\u0441\u044b\u0432\u0430\u0435\u0442\u0441\u044f \u043a\u0430\u043a \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u0443\u0442\u0435\u0447\u043a\u0435 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044e \u0438\u0437 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0441 FTView \u043e\u0442\u043f\u0440\u0430\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440 \u043a\u043b\u0438\u0435\u043d\u0442\u0430 \u0434\u043b\u044f \u043f\u0440\u043e\u0441\u043c\u043e\u0442\u0440\u0430 \u043f\u0440\u043e\u0435\u043a\u0442\u0430 HMI.\n\n\u0418\u0437-\u0437\u0430 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u044f \u043d\u0430\u0434\u043b\u0435\u0436\u0430\u0449\u0435\u0439 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u044d\u0442\u043e \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u0440\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u043e \u0431\u0435\u0437 \u043d\u0430\u0434\u043b\u0435\u0436\u0430\u0449\u0435\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438.\n\n\u0412\u0442\u043e\u0440\u0430\u044f \u0434\u044b\u0440\u0430 \u0432 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, CVE-2024-37367, \u0438\u043c\u0435\u0435\u0442 \u0430\u043d\u0430\u043b\u043e\u0433\u0438\u0447\u043d\u043e\u0435 \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0435, \u0430 \u0442\u0440\u0435\u0442\u044c\u044f \u0432 FactoryTalk View SE, CVE-2024-37369, \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0441\u043e\u0431\u043e\u0439 \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u0443\u044e EoP.\n\n\u041e\u043d\u0430 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u0441 \u043d\u0438\u0437\u043a\u0438\u043c \u0443\u0440\u043e\u0432\u043d\u0435\u043c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u0440\u0435\u0434\u0430\u043a\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0441\u0446\u0435\u043d\u0430\u0440\u0438\u0438, \u043e\u0431\u0445\u043e\u0434\u044f \u0441\u043f\u0438\u0441\u043a\u0438 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u0438 \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u043f\u043e\u043b\u0443\u0447\u0430\u044f \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u0432\u043d\u0443\u0442\u0440\u0438 \u0441\u0438\u0441\u0442\u0435\u043c\u044b.\n\n\u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, \u043d\u0430 \u044d\u0442\u043e\u0439 \u043d\u0435\u0434\u0435\u043b\u0435 Rockwell \u0442\u0430\u043a\u0436\u0435 \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0434\u0438\u043b\u0430 \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432 \u043e\u0431 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044e\u0449\u0435\u0439 \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0438\u0437 \u0435\u0435 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440\u043e\u0432 ControlLogix, GuardLogix \u0438 CompactLogix.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u0442\u043e\u043c\u0443, \u0447\u0442\u043e \u0432\u0441\u0435 \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u0442\u044b\u0435 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440\u044b \u0432 \u043e\u0434\u043d\u043e\u0439 \u0441\u0435\u0442\u0438 \u0432\u043e\u0439\u0434\u0443\u0442 \u0432 \u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u043d\u0435\u0443\u0441\u0442\u0440\u0430\u043d\u0438\u043c\u043e\u0439 \u043d\u0435\u0438\u0441\u043f\u0440\u0430\u0432\u043d\u043e\u0441\u0442\u0438 \u0447\u0435\u0440\u0435\u0437 \u043e\u0442\u043f\u0440\u0430\u0432\u043a\u0443 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0445 \u043f\u0430\u043a\u0435\u0442\u043e\u0432 \u043d\u0430 \u043f\u043e\u0440\u0442 mDNS.\n\n\u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f Rockwell Automation \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u0443\u0432\u0435\u0434\u043e\u043c\u043b\u0435\u043d\u0438\u0435 \u043f\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u043f\u0440\u0438\u0437\u044b\u0432\u0430\u044f\u044f \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432 \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0438\u0442\u044c \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u0430  \u0441\u0438\u0441\u0442\u0435\u043c ICS \u043a \u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442\u0443 \u0434\u0430\u0431\u044b \u043a\u0443\u043f\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0438\u043c\u0435\u044e\u0449\u0438\u0435\u0441\u044f \u043a\u0438\u0431\u0435\u0440\u0443\u0433\u0440\u043e\u0437\u044b.", "creation_timestamp": "2024-06-14T17:53:06.000000Z"}, {"uuid": "dabe3d7a-ec85-40bd-81e4-e4574687b316", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37368", "type": "seen", "source": "https://t.me/true_secator/5858", "content": "Rockwell Automation \u0441\u043e\u043e\u0431\u0449\u0430\u0435\u0442 \u043e\u0431 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0438 \u0442\u0440\u0435\u0445 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 \u0441\u0432\u043e\u0435\u043c \u041f\u041e HMI FactoryTalk View Site Edition (SE), \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u0432 \u0432\u0435\u0440\u0441\u0438\u044e 14.\n\n\u041e\u0434\u0438\u043d \u0438\u0437 \u043d\u0438\u0445, CVE-2024-37368, \u043e\u043f\u0438\u0441\u044b\u0432\u0430\u0435\u0442\u0441\u044f \u043a\u0430\u043a \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u0443\u0442\u0435\u0447\u043a\u0435 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044e \u0438\u0437 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0441 FTView \u043e\u0442\u043f\u0440\u0430\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440 \u043a\u043b\u0438\u0435\u043d\u0442\u0430 \u0434\u043b\u044f \u043f\u0440\u043e\u0441\u043c\u043e\u0442\u0440\u0430 \u043f\u0440\u043e\u0435\u043a\u0442\u0430 HMI.\n\n\u0418\u0437-\u0437\u0430 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u044f \u043d\u0430\u0434\u043b\u0435\u0436\u0430\u0449\u0435\u0439 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u044d\u0442\u043e \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u0440\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u043e \u0431\u0435\u0437 \u043d\u0430\u0434\u043b\u0435\u0436\u0430\u0449\u0435\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438.\n\n\u0412\u0442\u043e\u0440\u0430\u044f \u0434\u044b\u0440\u0430 \u0432 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, CVE-2024-37367, \u0438\u043c\u0435\u0435\u0442 \u0430\u043d\u0430\u043b\u043e\u0433\u0438\u0447\u043d\u043e\u0435 \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0435, \u0430 \u0442\u0440\u0435\u0442\u044c\u044f \u0432 FactoryTalk View SE, CVE-2024-37369, \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0441\u043e\u0431\u043e\u0439 \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u0443\u044e EoP.\n\n\u041e\u043d\u0430 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u0441 \u043d\u0438\u0437\u043a\u0438\u043c \u0443\u0440\u043e\u0432\u043d\u0435\u043c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u0440\u0435\u0434\u0430\u043a\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0441\u0446\u0435\u043d\u0430\u0440\u0438\u0438, \u043e\u0431\u0445\u043e\u0434\u044f \u0441\u043f\u0438\u0441\u043a\u0438 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u0438 \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u043f\u043e\u043b\u0443\u0447\u0430\u044f \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u0432\u043d\u0443\u0442\u0440\u0438 \u0441\u0438\u0441\u0442\u0435\u043c\u044b.\n\n\u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, \u043d\u0430 \u044d\u0442\u043e\u0439 \u043d\u0435\u0434\u0435\u043b\u0435 Rockwell \u0442\u0430\u043a\u0436\u0435 \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0434\u0438\u043b\u0430 \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432 \u043e\u0431 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044e\u0449\u0435\u0439 \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0438\u0437 \u0435\u0435 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440\u043e\u0432 ControlLogix, GuardLogix \u0438 CompactLogix.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u0442\u043e\u043c\u0443, \u0447\u0442\u043e \u0432\u0441\u0435 \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u0442\u044b\u0435 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440\u044b \u0432 \u043e\u0434\u043d\u043e\u0439 \u0441\u0435\u0442\u0438 \u0432\u043e\u0439\u0434\u0443\u0442 \u0432 \u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u043d\u0435\u0443\u0441\u0442\u0440\u0430\u043d\u0438\u043c\u043e\u0439 \u043d\u0435\u0438\u0441\u043f\u0440\u0430\u0432\u043d\u043e\u0441\u0442\u0438 \u0447\u0435\u0440\u0435\u0437 \u043e\u0442\u043f\u0440\u0430\u0432\u043a\u0443 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0445 \u043f\u0430\u043a\u0435\u0442\u043e\u0432 \u043d\u0430 \u043f\u043e\u0440\u0442 mDNS.\n\n\u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f Rockwell Automation \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u0443\u0432\u0435\u0434\u043e\u043c\u043b\u0435\u043d\u0438\u0435 \u043f\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u043f\u0440\u0438\u0437\u044b\u0432\u0430\u044f\u044f \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432 \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0438\u0442\u044c \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u0430  \u0441\u0438\u0441\u0442\u0435\u043c ICS \u043a \u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442\u0443 \u0434\u0430\u0431\u044b \u043a\u0443\u043f\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0438\u043c\u0435\u044e\u0449\u0438\u0435\u0441\u044f \u043a\u0438\u0431\u0435\u0440\u0443\u0433\u0440\u043e\u0437\u044b.", "creation_timestamp": "2024-06-14T17:53:06.000000Z"}, {"uuid": "64b46d54-f810-468d-82e1-fd8e6f3b1076", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37363", "type": "seen", "source": "https://bsky.app/profile/will.willofmiletus.com/post/3lil5dsp5qs2d", "content": "", "creation_timestamp": "2025-02-20T01:31:01.970696Z"}, {"uuid": "5f948c5c-cc39-4ab5-8468-399c2ffeb92f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37361", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114033695657281184", "content": "", "creation_timestamp": "2025-02-20T01:48:28.537525Z"}, {"uuid": "efb54596-ed00-4535-8d2a-def4ed255760", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37361", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lilaghonti2p", "content": "", "creation_timestamp": "2025-02-20T02:26:12.013902Z"}, {"uuid": "c54c88d3-6ce7-43e1-a007-a9e87c886583", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37362", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lilbm2zbpt2c", "content": "", "creation_timestamp": "2025-02-20T02:47:13.287793Z"}, {"uuid": "24ac217d-8d80-4c44-a376-11b742f4b793", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37361", "type": "seen", "source": "https://bsky.app/profile/vulnalerts.bsky.social/post/3linirhrlmh2u", "content": "", "creation_timestamp": "2025-02-21T00:00:50.400779Z"}, {"uuid": "51b935f2-4a3d-462d-938e-440dec572e21", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37361", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3lpij7h6ufs2p", "content": "", "creation_timestamp": "2025-05-19T02:21:41.720567Z"}, {"uuid": "cce1cfaa-4ab0-4d74-85c3-6f76a0245757", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37360", "type": "seen", "source": "https://t.me/cvedetector/18503", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-37360 - Hitachi Vantara Pentaho Business Analytics Server Cross-site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-37360 \nPublished : Feb. 19, 2025, 11:15 p.m. | 1\u00a0hour, 27\u00a0minutes ago \nDescription : Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')   \n  \n  \n  \n\u00a0  \n  \n  \n  \nThe software does not neutralize or incorrectly neutralize user-controllable input before it is placed in output that is used as a web page that is served to other users. (CWE-79)  \n  \n  \n  \n\u00a0  \n  \n  \n  \nHitachi Vantara Pentaho Business Analytics Server prior to versions 10.2.0.0 and 9.3.0.9, including 8.3.x, allow a malicious URL to inject content into the Analyzer plugin interface.  \n  \n  \n  \n\u00a0  \n  \n  \n  \n  \nOnce the malicious script is injected, the attacker can perform a variety of malicious activities. The attacker could transfer private information, such as cookies that may include session information, from the victim's machine to the attacker. The attacker could send malicious requests to a web site on behalf of the victim, which could be especially dangerous to the site if the victim has administrator privileges to manage that site. \nSeverity: 4.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"20 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-20T02:16:51.000000Z"}, {"uuid": "b62cc504-2014-49b3-b108-bccbbb153917", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37361", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3littgfhpvy2x", "content": "", "creation_timestamp": "2025-02-23T12:27:27.625708Z"}, {"uuid": "b7f7bbad-d85d-4625-8bd5-465971d64673", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37361", "type": "seen", "source": "https://bsky.app/profile/dinosn.bsky.social/post/3liswlvuq4c2b", "content": "", "creation_timestamp": "2025-02-23T03:51:41.451756Z"}, {"uuid": "c5268579-ad8e-42f2-a4eb-8fe17d00c254", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37361", "type": "seen", "source": "https://bsky.app/profile/bolhasec.com/post/3lphi5p547d2m", "content": "", "creation_timestamp": "2025-05-18T16:30:08.997171Z"}, {"uuid": "576ca5e4-4a01-4e86-af8e-54f3f5b71f1e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37362", "type": "seen", "source": "MISP/9ca82492-7deb-4197-a6f1-191e121eef96", "content": "", "creation_timestamp": "2025-08-25T13:32:05.000000Z"}, {"uuid": "1e723678-5e99-48e4-a431-26124bd03e1c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37362", "type": "seen", "source": "https://t.me/cvedetector/18489", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-37362 - Hitachi Vantara Pentaho Data Integration &amp; Analytics Database Password Disclosure\", \n  \"Content\": \"CVE ID : CVE-2024-37362 \nPublished : Feb. 20, 2025, 12:15 a.m. | 27\u00a0minutes ago \nDescription : The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. (CWE-522)   \n  \n  \n  \n\u00a0  \n  \n  \n  \nHitachi Vantara Pentaho Data Integration &amp; Analytics versions before 10.2.0.0 and 9.3.0.8, including 8.3.x, discloses database passwords when saving connections to RedShift.  \n  \n  \n  \n\u00a0  \n  \n  \n  \nProducts must not disclose sensitive information without cause. Disclosure of sensitive information can lead to further exploitation. \nSeverity: 6.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"20 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-20T02:16:31.000000Z"}, {"uuid": "8ca3f4cc-fb81-49d1-bc85-3629dd89b4e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37363", "type": "seen", "source": "https://t.me/cvedetector/18490", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-37363 - Hitachi Vantara Pentaho Business Analytics Server Authorization Bypass\", \n  \"Content\": \"CVE ID : CVE-2024-37363 \nPublished : Feb. 20, 2025, 12:15 a.m. | 27\u00a0minutes ago \nDescription : The product does not perform an authorization check when an actor attempts to access a resource or perform an action. (CWE-862)  \n  \n  \n  \n  \n  \n  \n\u00a0Hitachi Vantara Pentaho Business Analytics Server versions before 10.2.0.0 and 9.3.0.8, including 8.3.x, do not correctly perform an authorization check in the data source management service.  \n  \n  \n  \n  \n  \n  \n  \n  \nWhen access control checks are incorrectly applied, users can access data or perform actions that they should not be allowed to perform. This can lead to a wide range of problems, including information exposures and denial of service. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"20 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-20T02:16:35.000000Z"}, {"uuid": "47f31494-05ea-424f-9700-ab1532f6becf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37361", "type": "seen", "source": "https://t.me/cvedetector/18488", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-37361 - Hitachi Vantara Pentaho Business Analytics Server JSON Deserialization Vulnerability (CWE-502)\", \n  \"Content\": \"CVE ID : CVE-2024-37361 \nPublished : Feb. 20, 2025, 12:15 a.m. | 27\u00a0minutes ago \nDescription : The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid. (CWE-502)  \n  \n  \n  \n\u00a0  \n  \n  \n  \nHitachi Vantara Pentaho Business Analytics Server versions before 10.2.0.0 and 9.3.0.9, including 8.3.x, deserialize untrusted JSON data without constraining the parser to approved classes and methods.  \n  \n  \n  \n\u00a0  \n  \n  \n  \nWhen developers place no restrictions on \"gadget chains,\" or series of instances and method invocations that can self-execute during the deserialization process (i.e., before the object is returned to the caller), it is sometimes possible for attackers to leverage them to perform unauthorized actions. \nSeverity: 9.9 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"20 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-20T02:16:30.000000Z"}]}