{"vulnerability": "CVE-2022-3332", "sightings": [{"uuid": "dd3a337a-7227-46a9-b000-ce5530f36aa9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33322", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/14311", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-33322\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Cross-site scripting vulnerability in Mitsubishi Electric consumer electronics products (Air Conditioning, Wi-Fi Interface, Refrigerator, HEMS adapter, Remote control with Wi-Fi Interface, BATHROOM THERMO VENTILATOR, Rice cooker, Mitsubishi Electric HEMS control adapter, Energy Recovery Ventilator, Smart Switch and Air Purifier) allows a remote unauthenticated attacker to execute an malicious script on a user's browser to disclose information, etc. The wide range of models/versions of Mitsubishi Electric consumer electronics products are affected by this vulnerability. As for the affected product models/versions, see the Mitsubishi Electric's advisory which is listed in [References] section.\n\n\n\ud83d\udccf Published: 2022-11-08T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-01T14:38:35.036Z\n\ud83d\udd17 References:\n1. https://jvn.jp/vu/JVNVU96767562/index.html\n2. https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-011_en.pdf\n3. https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2022-011.pdf", "creation_timestamp": "2025-05-01T15:15:33.000000Z"}, {"uuid": "132e8e80-f4b4-43a7-8513-adec221c969e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33329", "type": "seen", "source": "https://t.me/true_secator/3558", "content": "Cisco Talos \u043d\u0435\u0434\u0430\u0432\u043d\u043e \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0430 \u0434\u0435\u0432\u044f\u0442\u044c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 \u043f\u0440\u043e\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u043e\u043c \u0441\u043e\u0442\u043e\u0432\u043e\u043c \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0442\u043e\u0440\u0435 Robustel R1510, \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0438\u0437 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u043c\u043e\u0433\u0443\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a RCE \u0438 DoS.\n\nRobustel R1510 \u2014 \u044d\u0442\u043e \u0431\u0435\u0441\u043f\u0440\u043e\u0432\u043e\u0434\u043d\u043e\u0439 \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0442\u043e\u0440 \u0441 \u0434\u0432\u0443\u043c\u044f \u043f\u043e\u0440\u0442\u0430\u043c\u0438 Ethernet, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0441\u043e\u0432\u043c\u0435\u0441\u0442\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442 \u0431\u0435\u0441\u043f\u0440\u043e\u0432\u043e\u0434\u043d\u044b\u0435 \u0441\u0438\u0433\u043d\u0430\u043b\u044b 3G \u0438 4G \u0434\u043b\u044f \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u0432 \u0441\u0444\u0435\u0440\u0435 \u043f\u0440\u043e\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u043e\u0441\u0442\u0438 \u0438 \u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442\u0430 \u0432\u0435\u0449\u0435\u0439.\n\n\u041e\u043d \u0432\u043a\u043b\u044e\u0447\u0430\u0435\u0442 \u0432 \u0441\u0435\u0431\u044f \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u0433\u043e \u0442\u0443\u043d\u043d\u0435\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f VPN, \u043e\u0431\u043b\u0430\u0447\u043d\u0443\u044e \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0443 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u0440\u0443\u0433\u0438\u043c\u0438 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u043c\u0438 \u0438 \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0442\u043e\u0440\u0430\u043c\u0438, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0435 \u0440\u0435\u0448\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438.\n\n\u0420\u0435\u0441\u0435\u0440\u0447\u0435\u0440\u044b \u043e\u0442\u043c\u0435\u0442\u0438\u043b\u0438, \u0447\u0442\u043e \u043f\u044f\u0442\u044c RCE-\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u043c\u043e\u0436\u043d\u043e \u0430\u043a\u0442\u0438\u0432\u0438\u0440\u043e\u0432\u0430\u0442\u044c, \u043e\u0442\u043f\u0440\u0430\u0432\u0438\u0432 \u0446\u0435\u043b\u0435\u0432\u043e\u043c\u0443 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0443 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0439 \u0441\u0435\u0442\u0435\u0432\u043e\u0439 \u0437\u0430\u043f\u0440\u043e\u0441: \u0422\u0410\u041b\u041e\u0421-2022-1578 (CVE-2022-34850), TALOS-2022-1577 (CVE-2022-33150), TALOS-2022-1576 (CVE-2022-32765), TALOS-2022-1573 (CVE-2022-33325 - CVE-2022-33329)\u00a0\u0438 TALOS-2022-1572 (CVE-2022-33312 - CVE-2022-33314). \n\n\u0412\u0441\u0435 \u0438\u043c\u0435\u044e\u0442 \u043e\u0446\u0435\u043d\u043a\u0443 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 CVSS 9,1 \u0438\u0437 10.\n\n\u0414\u0432\u0435 \u0434\u0440\u0443\u0433\u0438\u0435 TALOS-2022-1580 (CVE-2022-34845) \u0438\u00a0TALOS-2022-1570 (CVE-2022-32585) \u0442\u0430\u043a\u0436\u0435 \u043c\u043e\u0433\u0443\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a RCE, \u043d\u043e \u0438\u0437-\u043f\u043e\u0434 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430.\n\n\u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u0442\u0430\u043a\u0436\u0435 \u043c\u043e\u0436\u0435\u0442 \u043e\u0442\u043f\u0440\u0430\u0432\u0438\u0442\u044c \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0439 \u0441\u0435\u0442\u0435\u0432\u043e\u0439 \u0437\u0430\u043f\u0440\u043e\u0441, \u0447\u0442\u043e\u0431\u044b \u0430\u043a\u0442\u0438\u0432\u0438\u0440\u043e\u0432\u0430\u0442\u044c TALOS-2022-1575 (CVE-2022-35261 - CVE-2022-35271) \u0438 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u0432 \u0444\u0443\u043d\u043a\u0446\u0438\u0438 hashFirst \u0432\u0435\u0431-\u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c TALOS-2022-1571 (CVE-2022-28127) \u043f\u0440\u0438\u0441\u0443\u0442\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u0432\u0435\u0431-\u0441\u0435\u0440\u0432\u0435\u0440\u0435 \u043d\u0430 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0435, \u043d\u043e \u0432\u043c\u0435\u0441\u0442\u043e \u044d\u0442\u043e\u0433\u043e \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0430 \u0434\u043b\u044f \u0443\u0434\u0430\u043b\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0445 \u0444\u0430\u0439\u043b\u043e\u0432, \u0434\u0430\u0436\u0435 \u0435\u0441\u043b\u0438 \u0438\u043c\u0435\u0435\u0442\u0441\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u043e\u0431\u0445\u043e\u0434\u0430 \u043f\u0443\u0442\u0438.\n\nCisco Talos \u0441\u043e\u0432\u043c\u0435\u0441\u0442\u043d\u043e \u0441 Robustel \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0430\u043b\u0438 \u0440\u0435\u0448\u0435\u043d\u0438\u0435 \u0434\u043b\u044f \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u043d\u044b\u0445 \u043f\u0440\u043e\u0431\u043b\u0435\u043c \u0438 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u0442\u044b\u0445 \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432.\n\n\u041f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043a\u0430\u043a \u043c\u043e\u0436\u043d\u043e \u0441\u043a\u043e\u0440\u0435\u0435 \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0435 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u044b Robustel R1510 \u0434\u043e \u043d\u043e\u0432\u0435\u0439\u0448\u0438\u0445 \u0432\u0435\u0440\u0441\u0438\u0438 3.3.0 \u0438 3.1.16.", "creation_timestamp": "2022-10-13T15:05:03.000000Z"}, {"uuid": "3ade2621-2f6e-4f57-8227-7252601049f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3332", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11816", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-3332\n\ud83d\udd25 CVSS Score: 6.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)\n\ud83d\udd39 Description: A vulnerability classified as critical has been found in SourceCodester Food Ordering Management System. This affects an unknown part of the file router.php of the component POST Parameter Handler. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-209583.\n\ud83d\udccf Published: 2022-09-28T04:35:11.000Z\n\ud83d\udccf Modified: 2025-04-15T13:46:55.704Z\n\ud83d\udd17 References:\n1. https://github.com/vuls/vuls/blob/main/Food%20Ordering%20Management%20System%20router.php%20SQL%20Injection.pdf\n2. https://vuldb.com/?id.209583", "creation_timestamp": "2025-04-15T13:54:39.000000Z"}, {"uuid": "90063a55-74fb-4615-b9d2-16ebc020cefd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33329", "type": "seen", "source": "https://t.me/ics_cert/629", "content": "\u0634\u0631\u06a9\u062a Cisco Talos \u0627\u062e\u06cc\u0631\u0627\u064b 9 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0631\u0627 \u062f\u0631 \u0631\u0648\u062a\u0631 \u0633\u0644\u0648\u0644\u06cc \u0635\u0646\u0639\u062a\u06cc Robustel R1510 \u06a9\u0634\u0641 \u06a9\u0631\u062f\u0647 \u0627\u0633\u062a \u06a9\u0647 \u0628\u0631\u062e\u06cc \u0627\u0632 \u0622\u0646\u0647\u0627 \u0645\u06cc \u062a\u0648\u0627\u0646\u062f \u0645\u0646\u062c\u0631 \u0628\u0647 RCE \u0648 DoS \u0634\u0648\u062f.\n\n Robustel R1510 \u06cc\u06a9 \u0631\u0648\u062a\u0631 \u0628\u06cc \u0633\u06cc\u0645 \u062f\u0648 \u067e\u0648\u0631\u062a \u0627\u062a\u0631\u0646\u062a \u0627\u0633\u062a \u06a9\u0647 \u0633\u06cc\u06af\u0646\u0627\u0644 \u0647\u0627\u06cc \u0646\u0633\u0644 \u06f3 \u0648 \u0646\u0633\u0644 \u06f4  \u0628\u06cc \u0633\u06cc\u0645  \u0631\u0627 \u0628\u0631\u0627\u06cc \u06a9\u0627\u0631\u0628\u0631\u062f\u0647\u0627\u06cc \u0635\u0646\u0639\u062a\u06cc \u0648 IoT \u0628\u0647 \u0627\u0634\u062a\u0631\u0627\u06a9 \u0645\u06cc \u06af\u0630\u0627\u0631\u062f. \n\u0627\u06cc\u0646 \u0634\u0627\u0645\u0644 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u062a\u0648\u0646\u0644 VPN \u0628\u0627\u0632\u060c \u06cc\u06a9 \u067e\u0644\u062a \u0641\u0631\u0645 \u0645\u062f\u06cc\u0631\u06cc\u062a \u0645\u0628\u062a\u0646\u06cc \u0628\u0631 \u0627\u0628\u0631 \u0628\u0631\u0627\u06cc \u0633\u0627\u06cc\u0631 \u062f\u0633\u062a\u06af\u0627\u0647 \u0647\u0627 \u0648 \u0631\u0648\u062a\u0631\u0647\u0627 \u0648 \u0631\u0627\u0647 \u062d\u0644 \u0647\u0627\u06cc \u0627\u0645\u0646\u06cc\u062a\u06cc \u0645\u062e\u062a\u0644\u0641 \u0627\u0633\u062a. \n\n\u0645\u062d\u0642\u0642\u0627\u0646 \u062e\u0627\u0637\u0631\u0646\u0634\u0627\u0646 \u06a9\u0631\u062f\u0646\u062f \u06a9\u0647 \u067e\u0646\u062c \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc RCE \u0631\u0627 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646 \u0628\u0627 \u0627\u0631\u0633\u0627\u0644 \u06cc\u06a9 \u062f\u0631\u062e\u0648\u0627\u0633\u062a \u0634\u0628\u06a9\u0647 \u0633\u0627\u062e\u062a\u0647 \u0634\u062f\u0647 \u0648\u06cc\u0698\u0647 \u0628\u0647 \u062f\u0633\u062a\u06af\u0627\u0647 \u0645\u0648\u0631\u062f \u0646\u0638\u0631 \u0641\u0639\u0627\u0644 \u06a9\u0631\u062f: TALOS-2022-1578 (CVE-2022-34850)\u060c TALOS-2022-1577 (CVE-2022-33150)\u060c TALOS- 2022-1576 (CVE-2022-32765)\u060c TALOS-2022-1573 (CVE-2022-33325 - CVE-2022-33329) \u0648 TALOS-2022-1572 (CVE-2022-333312 - CVE-2022-333312 - CVE-2022-33325). \u0647\u0645\u0647 \u062f\u0627\u0631\u0627\u06cc \u0646\u0645\u0631\u0647 \u0634\u062f\u062a CVSS 9.1 \u0627\u0632 10 \u0647\u0633\u062a\u0646\u062f. \u062f\u0648 TALOS-2022-1580 \u062f\u06cc\u06af\u0631 (CVE-2022-34845) \u0648 TALOS-2022-1570 (CVE-2022-32585) \u0646\u06cc\u0632 \u0645\u06cc \u062a\u0648\u0627\u0646\u0646\u062f \u0645\u0646\u062c\u0631 \u0628\u0647 RCE \u0634\u0648\u0646\u062f\u060c \u0627\u0645\u0627 \u06a9\u0645\u062a\u0631 \u0645\u062f\u06cc\u0631 \u06cc\u06a9 \u0645\u0647\u0627\u062c\u0645 \u0647\u0645\u0686\u0646\u06cc\u0646 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u062f \u06cc\u06a9 \u062f\u0631\u062e\u0648\u0627\u0633\u062a \u0634\u0628\u06a9\u0647 \u0633\u0627\u062e\u062a\u0647 \u0634\u062f\u0647 \u0648\u06cc\u0698\u0647 \u0628\u0631\u0627\u06cc \u0641\u0639\u0627\u0644 \u06a9\u0631\u062f\u0646 TALOS-2022-1575 (CVE-2022-35261 - CVE-2022-35271) \u0627\u0631\u0633\u0627\u0644 \u06a9\u0646\u062f \u0648 \u0628\u0627\u0639\u062b \u0627\u0646\u06a9\u0627\u0631 \u0633\u0631\u0648\u06cc\u0633 \u062f\u0631 \u0639\u0645\u0644\u06a9\u0631\u062f hashFirst \u0633\u0631\u0648\u0631 \u0648\u0628 \u062f\u0633\u062a\u06af\u0627\u0647 \u0634\u0648\u062f. \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc TALOS-2022-1571 (CVE-2022-28127) \u062f\u0631 \u0648\u0628 \u0633\u0631\u0648\u0631 \u062f\u0633\u062a\u06af\u0627\u0647 \u0648\u062c\u0648\u062f \u062f\u0627\u0631\u062f\u060c \u0627\u0645\u0627 \u062f\u0631 \u0639\u0648\u0636 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u062f \u0628\u0631\u0627\u06cc \u062d\u0630\u0641 \u0641\u0627\u06cc\u0644\u200c\u0647\u0627\u06cc \u062f\u0644\u062e\u0648\u0627\u0647 \u062d\u062a\u06cc \u062f\u0631 \u0635\u0648\u0631\u062a \u0648\u062c\u0648\u062f \u0628\u0631\u0631\u0633\u06cc \u067e\u06cc\u0645\u0627\u06cc\u0634 \u0645\u0633\u06cc\u0631 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0634\u0648\u062f. Cisco Talos \u0628\u0627 Robustel \u06a9\u0627\u0631 \u06a9\u0631\u062f \u062a\u0627 \u0631\u0627\u0647 \u062d\u0644\u06cc \u0628\u0631\u0627\u06cc \u0645\u0634\u06a9\u0644\u0627\u062a \u0634\u0646\u0627\u0633\u0627\u06cc\u06cc \u0634\u062f\u0647 \u0648 \u0628\u0647 \u0631\u0648\u0632 \u0631\u0633\u0627\u0646\u06cc \u0628\u0631\u0627\u06cc \u0645\u0634\u062a\u0631\u06cc\u0627\u0646 \u0622\u0633\u06cc\u0628 \u062f\u06cc\u062f\u0647 \u0627\u0631\u0627\u0626\u0647 \u062f\u0647\u062f. \n\n\u0628\u0647 \u06a9\u0627\u0631\u0628\u0631\u0627\u0646 \u062a\u0648\u0635\u06cc\u0647 \u0645\u06cc \u0634\u0648\u062f \u0645\u062d\u0635\u0648\u0644\u0627\u062a \u0622\u0633\u06cc\u0628 \u062f\u06cc\u062f\u0647 Robustel R1510 \u0631\u0627 \u062f\u0631 \u0627\u0633\u0631\u0639 \u0648\u0642\u062a \u0628\u0647 \u0622\u062e\u0631\u06cc\u0646 \u0646\u0633\u062e\u0647 3.3.0 \u0648 3.1.16 \u0628\u0647 \u0631\u0648\u0632 \u06a9\u0646\u0646\u062f.\n\n\ud83d\udc6e\u200d\u2640\ufe0f\ud83d\udc6e\u200d\u2640\ufe0f \u0628\u0627\u0632\u0646\u0634\u0631 \u0645\u0637\u0627\u0644\u0628 \u0627\u06cc\u0646 \u06a9\u0627\u0646\u0627\u0644 \u0635\u0631\u0641\u0627 \u0628\u0627 \u0630\u06a9\u0631 \u0645\u0646\u0628\u0639 \u0648 \u0622\u062f\u0631\u0633 \u06a9\u0627\u0645\u0644 \u06a9\u0627\u0646\u0627\u0644 \u0645\u062c\u0627\u0632 \u0645\u06cc\u0628\u0627\u0634\u062f.\n\n\ud83c\udfed\u0648\u0628\u0633\u0627\u06cc\u062a \u0648 \u06a9\u0627\u0646\u0627\u0644 \u062a\u062e\u0635\u0635\u06cc \u0627\u0645\u0646\u06cc\u062a \u0632\u06cc\u0631\u0633\u0627\u062e\u062a\u0647\u0627\u06cc \u0627\u062a\u0648\u0645\u0627\u0633\u06cc\u0648\u0646 \u0648 \u06a9\u0646\u062a\u0631\u0644 \u0635\u0646\u0639\u062a\u06cc\n\n\u0627\u062f\u0645\u06cc\u0646:\nhttps://t.me/pedram_kiani\n\u06a9\u0627\u0646\u0627\u0644 \u062a\u0644\u06af\u0631\u0627\u0645:\nhttps://t.me/ics_cert\n\u062a\u0648\u06cc\u06cc\u062a\u0631:\nhttps://twitter.com/icscerti", "creation_timestamp": "2022-10-13T17:22:33.000000Z"}, {"uuid": "8c1eab0b-ff3d-4190-b5ea-e58324a1d41d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33325", "type": "seen", "source": "https://t.me/ics_cert/629", "content": "\u0634\u0631\u06a9\u062a Cisco Talos \u0627\u062e\u06cc\u0631\u0627\u064b 9 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0631\u0627 \u062f\u0631 \u0631\u0648\u062a\u0631 \u0633\u0644\u0648\u0644\u06cc \u0635\u0646\u0639\u062a\u06cc Robustel R1510 \u06a9\u0634\u0641 \u06a9\u0631\u062f\u0647 \u0627\u0633\u062a \u06a9\u0647 \u0628\u0631\u062e\u06cc \u0627\u0632 \u0622\u0646\u0647\u0627 \u0645\u06cc \u062a\u0648\u0627\u0646\u062f \u0645\u0646\u062c\u0631 \u0628\u0647 RCE \u0648 DoS \u0634\u0648\u062f.\n\n Robustel R1510 \u06cc\u06a9 \u0631\u0648\u062a\u0631 \u0628\u06cc \u0633\u06cc\u0645 \u062f\u0648 \u067e\u0648\u0631\u062a \u0627\u062a\u0631\u0646\u062a \u0627\u0633\u062a \u06a9\u0647 \u0633\u06cc\u06af\u0646\u0627\u0644 \u0647\u0627\u06cc \u0646\u0633\u0644 \u06f3 \u0648 \u0646\u0633\u0644 \u06f4  \u0628\u06cc \u0633\u06cc\u0645  \u0631\u0627 \u0628\u0631\u0627\u06cc \u06a9\u0627\u0631\u0628\u0631\u062f\u0647\u0627\u06cc \u0635\u0646\u0639\u062a\u06cc \u0648 IoT \u0628\u0647 \u0627\u0634\u062a\u0631\u0627\u06a9 \u0645\u06cc \u06af\u0630\u0627\u0631\u062f. \n\u0627\u06cc\u0646 \u0634\u0627\u0645\u0644 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u062a\u0648\u0646\u0644 VPN \u0628\u0627\u0632\u060c \u06cc\u06a9 \u067e\u0644\u062a \u0641\u0631\u0645 \u0645\u062f\u06cc\u0631\u06cc\u062a \u0645\u0628\u062a\u0646\u06cc \u0628\u0631 \u0627\u0628\u0631 \u0628\u0631\u0627\u06cc \u0633\u0627\u06cc\u0631 \u062f\u0633\u062a\u06af\u0627\u0647 \u0647\u0627 \u0648 \u0631\u0648\u062a\u0631\u0647\u0627 \u0648 \u0631\u0627\u0647 \u062d\u0644 \u0647\u0627\u06cc \u0627\u0645\u0646\u06cc\u062a\u06cc \u0645\u062e\u062a\u0644\u0641 \u0627\u0633\u062a. \n\n\u0645\u062d\u0642\u0642\u0627\u0646 \u062e\u0627\u0637\u0631\u0646\u0634\u0627\u0646 \u06a9\u0631\u062f\u0646\u062f \u06a9\u0647 \u067e\u0646\u062c \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc RCE \u0631\u0627 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646 \u0628\u0627 \u0627\u0631\u0633\u0627\u0644 \u06cc\u06a9 \u062f\u0631\u062e\u0648\u0627\u0633\u062a \u0634\u0628\u06a9\u0647 \u0633\u0627\u062e\u062a\u0647 \u0634\u062f\u0647 \u0648\u06cc\u0698\u0647 \u0628\u0647 \u062f\u0633\u062a\u06af\u0627\u0647 \u0645\u0648\u0631\u062f \u0646\u0638\u0631 \u0641\u0639\u0627\u0644 \u06a9\u0631\u062f: TALOS-2022-1578 (CVE-2022-34850)\u060c TALOS-2022-1577 (CVE-2022-33150)\u060c TALOS- 2022-1576 (CVE-2022-32765)\u060c TALOS-2022-1573 (CVE-2022-33325 - CVE-2022-33329) \u0648 TALOS-2022-1572 (CVE-2022-333312 - CVE-2022-333312 - CVE-2022-33325). \u0647\u0645\u0647 \u062f\u0627\u0631\u0627\u06cc \u0646\u0645\u0631\u0647 \u0634\u062f\u062a CVSS 9.1 \u0627\u0632 10 \u0647\u0633\u062a\u0646\u062f. \u062f\u0648 TALOS-2022-1580 \u062f\u06cc\u06af\u0631 (CVE-2022-34845) \u0648 TALOS-2022-1570 (CVE-2022-32585) \u0646\u06cc\u0632 \u0645\u06cc \u062a\u0648\u0627\u0646\u0646\u062f \u0645\u0646\u062c\u0631 \u0628\u0647 RCE \u0634\u0648\u0646\u062f\u060c \u0627\u0645\u0627 \u06a9\u0645\u062a\u0631 \u0645\u062f\u06cc\u0631 \u06cc\u06a9 \u0645\u0647\u0627\u062c\u0645 \u0647\u0645\u0686\u0646\u06cc\u0646 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u062f \u06cc\u06a9 \u062f\u0631\u062e\u0648\u0627\u0633\u062a \u0634\u0628\u06a9\u0647 \u0633\u0627\u062e\u062a\u0647 \u0634\u062f\u0647 \u0648\u06cc\u0698\u0647 \u0628\u0631\u0627\u06cc \u0641\u0639\u0627\u0644 \u06a9\u0631\u062f\u0646 TALOS-2022-1575 (CVE-2022-35261 - CVE-2022-35271) \u0627\u0631\u0633\u0627\u0644 \u06a9\u0646\u062f \u0648 \u0628\u0627\u0639\u062b \u0627\u0646\u06a9\u0627\u0631 \u0633\u0631\u0648\u06cc\u0633 \u062f\u0631 \u0639\u0645\u0644\u06a9\u0631\u062f hashFirst \u0633\u0631\u0648\u0631 \u0648\u0628 \u062f\u0633\u062a\u06af\u0627\u0647 \u0634\u0648\u062f. \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc TALOS-2022-1571 (CVE-2022-28127) \u062f\u0631 \u0648\u0628 \u0633\u0631\u0648\u0631 \u062f\u0633\u062a\u06af\u0627\u0647 \u0648\u062c\u0648\u062f \u062f\u0627\u0631\u062f\u060c \u0627\u0645\u0627 \u062f\u0631 \u0639\u0648\u0636 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u062f \u0628\u0631\u0627\u06cc \u062d\u0630\u0641 \u0641\u0627\u06cc\u0644\u200c\u0647\u0627\u06cc \u062f\u0644\u062e\u0648\u0627\u0647 \u062d\u062a\u06cc \u062f\u0631 \u0635\u0648\u0631\u062a \u0648\u062c\u0648\u062f \u0628\u0631\u0631\u0633\u06cc \u067e\u06cc\u0645\u0627\u06cc\u0634 \u0645\u0633\u06cc\u0631 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0634\u0648\u062f. Cisco Talos \u0628\u0627 Robustel \u06a9\u0627\u0631 \u06a9\u0631\u062f \u062a\u0627 \u0631\u0627\u0647 \u062d\u0644\u06cc \u0628\u0631\u0627\u06cc \u0645\u0634\u06a9\u0644\u0627\u062a \u0634\u0646\u0627\u0633\u0627\u06cc\u06cc \u0634\u062f\u0647 \u0648 \u0628\u0647 \u0631\u0648\u0632 \u0631\u0633\u0627\u0646\u06cc \u0628\u0631\u0627\u06cc \u0645\u0634\u062a\u0631\u06cc\u0627\u0646 \u0622\u0633\u06cc\u0628 \u062f\u06cc\u062f\u0647 \u0627\u0631\u0627\u0626\u0647 \u062f\u0647\u062f. \n\n\u0628\u0647 \u06a9\u0627\u0631\u0628\u0631\u0627\u0646 \u062a\u0648\u0635\u06cc\u0647 \u0645\u06cc \u0634\u0648\u062f \u0645\u062d\u0635\u0648\u0644\u0627\u062a \u0622\u0633\u06cc\u0628 \u062f\u06cc\u062f\u0647 Robustel R1510 \u0631\u0627 \u062f\u0631 \u0627\u0633\u0631\u0639 \u0648\u0642\u062a \u0628\u0647 \u0622\u062e\u0631\u06cc\u0646 \u0646\u0633\u062e\u0647 3.3.0 \u0648 3.1.16 \u0628\u0647 \u0631\u0648\u0632 \u06a9\u0646\u0646\u062f.\n\n\ud83d\udc6e\u200d\u2640\ufe0f\ud83d\udc6e\u200d\u2640\ufe0f \u0628\u0627\u0632\u0646\u0634\u0631 \u0645\u0637\u0627\u0644\u0628 \u0627\u06cc\u0646 \u06a9\u0627\u0646\u0627\u0644 \u0635\u0631\u0641\u0627 \u0628\u0627 \u0630\u06a9\u0631 \u0645\u0646\u0628\u0639 \u0648 \u0622\u062f\u0631\u0633 \u06a9\u0627\u0645\u0644 \u06a9\u0627\u0646\u0627\u0644 \u0645\u062c\u0627\u0632 \u0645\u06cc\u0628\u0627\u0634\u062f.\n\n\ud83c\udfed\u0648\u0628\u0633\u0627\u06cc\u062a \u0648 \u06a9\u0627\u0646\u0627\u0644 \u062a\u062e\u0635\u0635\u06cc \u0627\u0645\u0646\u06cc\u062a \u0632\u06cc\u0631\u0633\u0627\u062e\u062a\u0647\u0627\u06cc \u0627\u062a\u0648\u0645\u0627\u0633\u06cc\u0648\u0646 \u0648 \u06a9\u0646\u062a\u0631\u0644 \u0635\u0646\u0639\u062a\u06cc\n\n\u0627\u062f\u0645\u06cc\u0646:\nhttps://t.me/pedram_kiani\n\u06a9\u0627\u0646\u0627\u0644 \u062a\u0644\u06af\u0631\u0627\u0645:\nhttps://t.me/ics_cert\n\u062a\u0648\u06cc\u06cc\u062a\u0631:\nhttps://twitter.com/icscerti", "creation_timestamp": "2022-10-13T17:22:33.000000Z"}, {"uuid": "23bda6c7-8e07-4fc4-b3f7-691c00dda786", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33323", "type": "seen", "source": "https://t.me/cibsecurity/57377", "content": "\u203c CVE-2022-33323 \u203c\n\nActive Debug Code vulnerability in robot controller of Mitsubishi Electric Corporation industrial robot MELFA SD/SQ Series and MELFA F-Series allows a remote unauthenticated attacker to gain unauthorized access by authentication bypass through an unauthorized telnet login. As for the affected model names, controller types and firmware versions, see the Mitsubishi Electric's advisory which is listed in [References] section.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-02T12:14:42.000000Z"}, {"uuid": "645e5af0-35f6-456a-99c9-31eb24aac9c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33325", "type": "seen", "source": "https://t.me/true_secator/3558", "content": "Cisco Talos \u043d\u0435\u0434\u0430\u0432\u043d\u043e \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0430 \u0434\u0435\u0432\u044f\u0442\u044c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 \u043f\u0440\u043e\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u043e\u043c \u0441\u043e\u0442\u043e\u0432\u043e\u043c \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0442\u043e\u0440\u0435 Robustel R1510, \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0438\u0437 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u043c\u043e\u0433\u0443\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a RCE \u0438 DoS.\n\nRobustel R1510 \u2014 \u044d\u0442\u043e \u0431\u0435\u0441\u043f\u0440\u043e\u0432\u043e\u0434\u043d\u043e\u0439 \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0442\u043e\u0440 \u0441 \u0434\u0432\u0443\u043c\u044f \u043f\u043e\u0440\u0442\u0430\u043c\u0438 Ethernet, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0441\u043e\u0432\u043c\u0435\u0441\u0442\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442 \u0431\u0435\u0441\u043f\u0440\u043e\u0432\u043e\u0434\u043d\u044b\u0435 \u0441\u0438\u0433\u043d\u0430\u043b\u044b 3G \u0438 4G \u0434\u043b\u044f \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u0432 \u0441\u0444\u0435\u0440\u0435 \u043f\u0440\u043e\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u043e\u0441\u0442\u0438 \u0438 \u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442\u0430 \u0432\u0435\u0449\u0435\u0439.\n\n\u041e\u043d \u0432\u043a\u043b\u044e\u0447\u0430\u0435\u0442 \u0432 \u0441\u0435\u0431\u044f \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u0433\u043e \u0442\u0443\u043d\u043d\u0435\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f VPN, \u043e\u0431\u043b\u0430\u0447\u043d\u0443\u044e \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0443 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u0440\u0443\u0433\u0438\u043c\u0438 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u043c\u0438 \u0438 \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0442\u043e\u0440\u0430\u043c\u0438, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0435 \u0440\u0435\u0448\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438.\n\n\u0420\u0435\u0441\u0435\u0440\u0447\u0435\u0440\u044b \u043e\u0442\u043c\u0435\u0442\u0438\u043b\u0438, \u0447\u0442\u043e \u043f\u044f\u0442\u044c RCE-\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u043c\u043e\u0436\u043d\u043e \u0430\u043a\u0442\u0438\u0432\u0438\u0440\u043e\u0432\u0430\u0442\u044c, \u043e\u0442\u043f\u0440\u0430\u0432\u0438\u0432 \u0446\u0435\u043b\u0435\u0432\u043e\u043c\u0443 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0443 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0439 \u0441\u0435\u0442\u0435\u0432\u043e\u0439 \u0437\u0430\u043f\u0440\u043e\u0441: \u0422\u0410\u041b\u041e\u0421-2022-1578 (CVE-2022-34850), TALOS-2022-1577 (CVE-2022-33150), TALOS-2022-1576 (CVE-2022-32765), TALOS-2022-1573 (CVE-2022-33325 - CVE-2022-33329)\u00a0\u0438 TALOS-2022-1572 (CVE-2022-33312 - CVE-2022-33314). \n\n\u0412\u0441\u0435 \u0438\u043c\u0435\u044e\u0442 \u043e\u0446\u0435\u043d\u043a\u0443 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 CVSS 9,1 \u0438\u0437 10.\n\n\u0414\u0432\u0435 \u0434\u0440\u0443\u0433\u0438\u0435 TALOS-2022-1580 (CVE-2022-34845) \u0438\u00a0TALOS-2022-1570 (CVE-2022-32585) \u0442\u0430\u043a\u0436\u0435 \u043c\u043e\u0433\u0443\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a RCE, \u043d\u043e \u0438\u0437-\u043f\u043e\u0434 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430.\n\n\u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u0442\u0430\u043a\u0436\u0435 \u043c\u043e\u0436\u0435\u0442 \u043e\u0442\u043f\u0440\u0430\u0432\u0438\u0442\u044c \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0439 \u0441\u0435\u0442\u0435\u0432\u043e\u0439 \u0437\u0430\u043f\u0440\u043e\u0441, \u0447\u0442\u043e\u0431\u044b \u0430\u043a\u0442\u0438\u0432\u0438\u0440\u043e\u0432\u0430\u0442\u044c TALOS-2022-1575 (CVE-2022-35261 - CVE-2022-35271) \u0438 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u0432 \u0444\u0443\u043d\u043a\u0446\u0438\u0438 hashFirst \u0432\u0435\u0431-\u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c TALOS-2022-1571 (CVE-2022-28127) \u043f\u0440\u0438\u0441\u0443\u0442\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u0432\u0435\u0431-\u0441\u0435\u0440\u0432\u0435\u0440\u0435 \u043d\u0430 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0435, \u043d\u043e \u0432\u043c\u0435\u0441\u0442\u043e \u044d\u0442\u043e\u0433\u043e \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0430 \u0434\u043b\u044f \u0443\u0434\u0430\u043b\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0445 \u0444\u0430\u0439\u043b\u043e\u0432, \u0434\u0430\u0436\u0435 \u0435\u0441\u043b\u0438 \u0438\u043c\u0435\u0435\u0442\u0441\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u043e\u0431\u0445\u043e\u0434\u0430 \u043f\u0443\u0442\u0438.\n\nCisco Talos \u0441\u043e\u0432\u043c\u0435\u0441\u0442\u043d\u043e \u0441 Robustel \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0430\u043b\u0438 \u0440\u0435\u0448\u0435\u043d\u0438\u0435 \u0434\u043b\u044f \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u043d\u044b\u0445 \u043f\u0440\u043e\u0431\u043b\u0435\u043c \u0438 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u0442\u044b\u0445 \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432.\n\n\u041f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043a\u0430\u043a \u043c\u043e\u0436\u043d\u043e \u0441\u043a\u043e\u0440\u0435\u0435 \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0435 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u044b Robustel R1510 \u0434\u043e \u043d\u043e\u0432\u0435\u0439\u0448\u0438\u0445 \u0432\u0435\u0440\u0441\u0438\u0438 3.3.0 \u0438 3.1.16.", "creation_timestamp": "2022-10-13T15:05:03.000000Z"}, {"uuid": "37141739-195a-4e8a-93e4-44d5d18496fd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33321", "type": "seen", "source": "https://t.me/cibsecurity/52670", "content": "\u203c CVE-2022-33321 \u203c\n\nCleartext Transmission of Sensitive Information vulnerability due to the use of Basic Authentication for HTTP connections in Mitsubishi Electric consumer electronics products (PHOTOVOLTAIC COLOR MONITOR ECO-GUIDE, HEMS adapter, Wi-Fi Interface, Air Conditioning, Induction hob, Mitsubishi Electric HEMS Energy Measurement Unit, Refrigerator, Remote control with Wi-Fi Interface, BATHROOM THERMO VENTILATOR, Rice cooker, Mitsubishi Electric HEMS control adapter, Energy Recovery Ventilator, Smart Switch, Ventilating Fan, Range hood fan, Energy Measurement Unit and Air Purifier) allows a remote unauthenticated attacker to disclose information in the products or cause a denial of service (DoS) condition as a result by sniffing credential information (username and password). The wide range of models/versions of Mitsubishi Electric consumer electronics products are affected by this vulnerability. As for the affected product models/versions, see the Mitsubishi Electric's advisory which is listed in [References] section.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-08T22:35:33.000000Z"}, {"uuid": "5af3d92d-3393-4174-9545-e3a761259aaa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33324", "type": "seen", "source": "https://t.me/cibsecurity/55227", "content": "\u203c CVE-2022-33324 \u203c\n\nImproper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series R00/01/02CPU Firmware versions \"32\" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions \"65\" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R08/16/32/120SFCPU all versions, Mitsubishi Electric Corporation MELSEC iQ-R Series R12CCPU-V all versions, Mitsubishi Electric Corporation MELSEC iQ-L Series L04/08/16/32HCPU all versions and Mitsubishi Electric Corporation MELIPC Series MI5122-VW all versions allows a remote unauthenticated attacker to cause a Denial of Service condition in Ethernet communication on the module by sending specially crafted packets. A system reset of the module is required for recovery.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-23T07:14:10.000000Z"}, {"uuid": "d07f1be7-0636-489f-a7a3-3381b3a8d895", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3332", "type": "seen", "source": "https://t.me/cibsecurity/50570", "content": "\u203c CVE-2022-3332 \u203c\n\nA vulnerability classified as critical has been found in SourceCodester Food Ordering Management System. This affects an unknown part of the file router.php of the component POST Parameter Handler. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-209583.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-28T12:33:57.000000Z"}, {"uuid": "338a8584-3fa3-4509-bfef-23946329c901", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33322", "type": "seen", "source": "https://t.me/cibsecurity/52676", "content": "\u203c CVE-2022-33322 \u203c\n\nCross-site scripting vulnerability in Mitsubishi Electric consumer electronics products (Air Conditioning, Wi-Fi Interface, Refrigerator, HEMS adapter, Remote control with Wi-Fi Interface, BATHROOM THERMO VENTILATOR, Rice cooker, Mitsubishi Electric HEMS control adapter, Energy Recovery Ventilator, Smart Switch and Air Purifier) allows a remote unauthenticated attacker to execute an malicious script on a user's browser to disclose information, etc. The wide range of models/versions of Mitsubishi Electric consumer electronics products are affected by this vulnerability. As for the affected product models/versions, see the Mitsubishi Electric's advisory which is listed in [References] section.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-08T22:35:41.000000Z"}, {"uuid": "c9086025-182d-4415-812e-70a664172767", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33320", "type": "seen", "source": "https://t.me/cibsecurity/46695", "content": "\u203c CVE-2022-33320 \u203c\n\nDeserialization of Untrusted Data vulnerability in ICONICS GENESIS64 versions 10.97.1 and prior and Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior allows an unauthenticated attacker to execute an arbitrary malicious code by leading a user to load a project configuration file including malicious XML codes.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-20T20:12:21.000000Z"}, {"uuid": "4ea179e7-ff9b-4dd4-ae8d-1f79435c389f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33328", "type": "seen", "source": "https://t.me/cibsecurity/45446", "content": "\u203c CVE-2022-33328 \u203c\n\nMultiple command injection vulnerabilities exist in the web_server ajax endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network packets can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.The `/ajax/remove/` API is affected by a command injection vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-30T22:43:53.000000Z"}, {"uuid": "88ca4e57-9de3-47f5-8426-fc86e52dcc08", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33327", "type": "seen", "source": "https://t.me/cibsecurity/45443", "content": "\u203c CVE-2022-33327 \u203c\n\nMultiple command injection vulnerabilities exist in the web_server ajax endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network packets can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.The `/ajax/remove_sniffer_raw_log/` API is affected by a command injection vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-30T22:43:49.000000Z"}, {"uuid": "0a765e60-068b-4bbc-9d00-99f4c3821e8c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33326", "type": "seen", "source": "https://t.me/cibsecurity/45458", "content": "\u203c CVE-2022-33326 \u203c\n\nMultiple command injection vulnerabilities exist in the web_server ajax endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network packets can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.The `/ajax/config_rollback/` API is affected by a command injection vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-30T22:44:07.000000Z"}]}