{"vulnerability": "cve-2022-3086", "sightings": [{"uuid": "ceb967f9-86de-4ba9-8911-35b67a293cbb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3086", "type": "seen", "source": "https://t.me/ics_cert/666", "content": "\u0647\u0634\u062f\u0627\u0631 \u06a9\u0634\u0641 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u062f\u0631 \u0645\u062d\u0635\u0648\u0644\u0627\u062a \u0627\u062a\u0648\u0645\u0627\u0633\u06cc\u0648\u0646 \u0635\u0646\u0639\u062a\u06cc Moxa \n\n \u06a9\u0646\u062a\u0631\u0644 \u062f\u0633\u062a\u0631\u0633\u06cc \u0641\u06cc\u0632\u06cc\u06a9\u06cc \u0646\u0627\u0645\u0646\u0627\u0633\u0628 CWE-1263\n \u0645\u0647\u0627\u062c\u0645\u06cc \u06a9\u0647 \u0628\u0647 \u062f\u0633\u062a\u06af\u0627\u0647\u200c\u0647\u0627\u06cc \u0633\u0631\u06cc UC \u0622\u0633\u06cc\u0628\u200c\u062f\u06cc\u062f\u0647 \u062f\u0633\u062a\u0631\u0633\u06cc \u0641\u06cc\u0632\u06cc\u06a9\u06cc \u062f\u0627\u0631\u062f\u060c \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u062f \u062f\u0633\u062a\u06af\u0627\u0647 \u0631\u0627 \u0631\u0627\u0647\u200c\u0627\u0646\u062f\u0627\u0632\u06cc \u0645\u062c\u062f\u062f \u06a9\u0646\u062f \u0648 \u0628\u0647 \u0628\u0627\u06cc\u0648\u0633 \u0622\u0646 \u062f\u0633\u062a\u0631\u0633\u06cc \u067e\u06cc\u062f\u0627 \u06a9\u0646\u062f.  \u0633\u067e\u0633 \u06af\u0632\u06cc\u0646\u0647 \u0647\u0627\u06cc \u062e\u0637 \u0641\u0631\u0645\u0627\u0646 \u0631\u0627 \u0645\u06cc \u062a\u0648\u0627\u0646 \u062a\u063a\u06cc\u06cc\u0631 \u062f\u0627\u062f \u0648 \u0628\u0647 \u0645\u0647\u0627\u062c\u0645 \u0627\u062c\u0627\u0632\u0647 \u062f\u0633\u062a\u0631\u0633\u06cc \u0628\u0647 \u062a\u0631\u0645\u06cc\u0646\u0627\u0644 \u0631\u0627 \u0645\u06cc \u062f\u0647\u062f.  \u0627\u0632 \u062a\u0631\u0645\u06cc\u0646\u0627\u0644\u060c \u0645\u0647\u0627\u062c\u0645 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u062f \u0641\u0627\u06cc\u0644\u200c\u0647\u0627\u06cc \u0627\u062d\u0631\u0627\u0632 \u0647\u0648\u06cc\u062a \u062f\u0633\u062a\u06af\u0627\u0647 \u0631\u0627 \u0628\u0631\u0627\u06cc \u0627\u06cc\u062c\u0627\u062f \u06cc\u06a9 \u06a9\u0627\u0631\u0628\u0631 \u062c\u062f\u06cc\u062f \u0648 \u062f\u0633\u062a\u0631\u0633\u06cc \u06a9\u0627\u0645\u0644 \u0628\u0647 \u0633\u06cc\u0633\u062a\u0645 \u062a\u063a\u06cc\u06cc\u0631 \u062f\u0647\u062f.\n CVE-2022-3086\u00a0\u0628\u0647 \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0627\u062e\u062a\u0635\u0627\u0635 \u062f\u0627\u062f\u0647 \u0634\u062f\u0647 \u0627\u0633\u062a.  \u0646\u0645\u0631\u0647 \u067e\u0627\u06cc\u0647 CVSS v3 7.6 \u0645\u062d\u0627\u0633\u0628\u0647 \u0634\u062f\u0647 \u0627\u0633\u062a. \n\n\n\u0634\u0631\u06a9\u062a Moxa \u0628\u0631\u0627\u06cc \u0631\u0641\u0639 \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc\u060c \u0628\u0647\u200c\u0631\u0648\u0632\u0631\u0633\u0627\u0646\u06cc\u200c\u0647\u0627\u06cc\u06cc \u0631\u0627 \u0628\u0631\u0627\u06cc \u0647\u0645\u0647 \u0645\u062d\u0635\u0648\u0644\u0627\u062a \u0622\u0633\u06cc\u0628\u200c\u062f\u06cc\u062f\u0647 \u0627\u06cc\u062c\u0627\u062f \u06a9\u0631\u062f\u0647 \u0627\u0633\u062a. Moxa \u06a9\u0627\u0631\u0628\u0631\u0627\u0646 \u0631\u0627 \u062a\u0634\u0648\u06cc\u0642 \u0645\u06cc\u200c\u06a9\u0646\u062f \u062a\u0627 \u0628\u0631\u0627\u06cc \u062f\u0631\u06cc\u0627\u0641\u062a \u0628\u0647\u200c\u0631\u0648\u0632\u0631\u0633\u0627\u0646\u06cc \u0628\u0627 \u067e\u0634\u062a\u06cc\u0628\u0627\u0646\u06cc \u0641\u0646\u06cc Moxa(link is external) \u062a\u0645\u0627\u0633 \u0628\u06af\u06cc\u0631\u0646\u062f \u00a0(\u0644\u0627\u0632\u0645 \u0628\u0647 \u0648\u0631\u0648\u062f \u0628\u0647 \u0633\u06cc\u0633\u062a\u0645).\n\n\u0647\u0645\u0686\u0646\u06cc\u0646 \u0645\u0627 \u0628\u0647 \u0633\u0627\u0632\u0645\u0627\u0646 \u0647\u0627 \u06cc\u0627\u062f\u0622\u0648\u0631\u06cc \u0645\u06cc \u06a9\u0646\u06cc\u0645 \u06a9\u0647 \u0642\u0628\u0644 \u0627\u0632 \u0628\u0647 \u06a9\u0627\u0631\u06af\u06cc\u0631\u06cc \u0627\u0642\u062f\u0627\u0645\u0627\u062a \u062f\u0641\u0627\u0639\u06cc\u060c \u062a\u062c\u0632\u06cc\u0647 \u0648 \u062a\u062d\u0644\u06cc\u0644 \u062a\u0627\u062b\u06cc\u0631 \u0648 \u0627\u0631\u0632\u06cc\u0627\u0628\u06cc \u0631\u06cc\u0633\u06a9 \u0645\u0646\u0627\u0633\u0628 \u0631\u0627 \u0627\u0646\u062c\u0627\u0645 \u062f\u0647\u0646\u062f.\n\ud83d\udc6e\u200d\u2640\ufe0f\ud83d\udc6e\u200d\u2640\ufe0f \u0628\u0627\u0632\u0646\u0634\u0631 \u0645\u0637\u0627\u0644\u0628 \u0627\u06cc\u0646 \u06a9\u0627\u0646\u0627\u0644 \u0635\u0631\u0641\u0627 \u0628\u0627 \u0630\u06a9\u0631 \u0645\u0646\u0628\u0639 \u0648 \u0622\u062f\u0631\u0633 \u06a9\u0627\u0645\u0644 \u06a9\u0627\u0646\u0627\u0644 \u0645\u062c\u0627\u0632 \u0645\u06cc\u0628\u0627\u0634\u062f.\n\n\ud83c\udfed\u0648\u0628\u0633\u0627\u06cc\u062a \u0648 \u06a9\u0627\u0646\u0627\u0644 \u062a\u062e\u0635\u0635\u06cc \u0627\u0645\u0646\u06cc\u062a \u0632\u06cc\u0631\u0633\u0627\u062e\u062a\u0647\u0627\u06cc \u0627\u062a\u0648\u0645\u0627\u0633\u06cc\u0648\u0646 \u0648 \u06a9\u0646\u062a\u0631\u0644 \u0635\u0646\u0639\u062a\u06cc\n\n\u0627\u062f\u0645\u06cc\u0646:\nhttps://t.me/pedram_kiani\n\u06a9\u0627\u0646\u0627\u0644 \u062a\u0644\u06af\u0631\u0627\u0645:\nhttps://t.me/ics_cert\n\u062a\u0648\u06cc\u06cc\u062a\u0631:\nhttps://twitter.com/icscerti", "creation_timestamp": "2022-12-01T20:44:03.000000Z"}, {"uuid": "2beaae9c-47d0-42ed-b693-81b546753734", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3086", "type": "seen", "source": "https://t.me/ics_cert/705", "content": "\u06a9\u0634\u0641 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u062f\u0631 \u0645\u062d\u0635\u0648\u0644\u0627\u062a \u0627\u062a\u0648\u0645\u0627\u0633\u06cc\u0648\u0646 \u0635\u0646\u0639\u062a\u06cc\n\n\u06cc\u06a9 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u062f\u0631 Cradlepoint NetCloud Embedded Operating System (NCOS) \u0628\u0647 \u062f\u0644\u06cc\u0644 \u0627\u0639\u062a\u0628\u0627\u0631 \u0633\u0646\u062c\u06cc \u0646\u0627\u06a9\u0627\u0641\u06cc \u0622\u0631\u06af\u0648\u0645\u0627\u0646 \u0647\u0627\u06cc \u0627\u0631\u0633\u0627\u0644 \u0634\u062f\u0647 \u0628\u0647 \u0641\u0631\u0645\u0627\u0646 \u0627\u0633\u062a.  \u0633\u0648\u0621 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u062f \u0628\u0647 \u0645\u0647\u0627\u062c\u0645 \u0627\u062c\u0627\u0632\u0647 \u062f\u0647\u062f \u062a\u0627 \u0628\u0627 \u0631\u0627\u0647\u200c\u0627\u0646\u062f\u0627\u0632\u06cc \u0645\u062c\u062f\u062f \u062f\u0633\u062a\u06af\u0627\u0647 \u0648 \u062f\u0633\u062a\u0631\u0633\u06cc \u0628\u0647 \u0628\u0627\u06cc\u0648\u0633\u060c \u06a9\u062f \u062f\u0644\u062e\u0648\u0627\u0647 \u0631\u0627 \u0627\u062c\u0631\u0627 \u06a9\u0646\u062f.\n\n BDU: 00694-2023\n CVE-2022-3086\n\n \u0628\u0647 \u0631\u0648\u0632 \u0631\u0633\u0627\u0646\u06cc \u0647\u0627 \u0631\u0627 \u0627\u0632 \u0645\u0646\u0627\u0628\u0639 \u0642\u0627\u0628\u0644 \u0627\u0639\u062a\u0645\u0627\u062f \u0646\u0635\u0628 \u06a9\u0646\u06cc\u062f.\n \u0628\u0627 \u062a\u0648\u062c\u0647 \u0628\u0647 \u0634\u0631\u0627\u06cc\u0637 \u0641\u0639\u0644\u06cc \u0648 \u062a\u062d\u0631\u06cc\u0645 \u0647\u0627\u06cc \u0627\u0639\u0645\u0627\u0644 \u0634\u062f\u0647\u060c \u062a\u0648\u0635\u06cc\u0647 \u0645\u06cc \u0634\u0648\u062f \u0628\u0647 \u0631\u0648\u0632 \u0631\u0633\u0627\u0646\u06cc \u0646\u0631\u0645 \u0627\u0641\u0632\u0627\u0631 \u0631\u0627 \u062a\u0646\u0647\u0627 \u067e\u0633 \u0627\u0632 \u0627\u0631\u0632\u06cc\u0627\u0628\u06cc \u062a\u0645\u0627\u0645 \u062e\u0637\u0631\u0627\u062a \u0645\u0631\u062a\u0628\u0637 \u0646\u0635\u0628 \u06a9\u0646\u06cc\u062f.\n\n \u0627\u0642\u062f\u0627\u0645\u0627\u062a \u062c\u0628\u0631\u0627\u0646\u06cc:\n - \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u0627\u0628\u0632\u0627\u0631\u0647\u0627\u06cc \u062f\u0627\u0646\u0644\u0648\u062f \u0642\u0627\u0628\u0644 \u0627\u0639\u062a\u0645\u0627\u062f\u061b\n - \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u0633\u06cc\u0633\u062a\u0645 \u0647\u0627\u06cc \u06a9\u0646\u062a\u0631\u0644 \u062f\u0633\u062a\u0631\u0633\u06cc\u061b\n - \u062a\u0642\u0633\u06cc\u0645 \u0628\u0646\u062f\u06cc \u0634\u0628\u06a9\u0647 \u0628\u0631\u0627\u06cc \u0645\u062d\u062f\u0648\u062f \u06a9\u0631\u062f\u0646 \u062f\u0633\u062a\u0631\u0633\u06cc \u0628\u0647 \u0628\u062e\u0634 \u0635\u0646\u0639\u062a\u06cc.\n - \u0645\u062d\u062f\u0648\u062f\u06cc\u062a \u062f\u0633\u062a\u0631\u0633\u06cc \u0628\u0647 \u062a\u062c\u0647\u06cc\u0632\u0627\u062a \u0635\u0646\u0639\u062a\u06cc \u0628\u0631\u0627\u06cc \u0627\u0641\u0631\u0627\u062f\u06cc \u06a9\u0647 \u0645\u062c\u0627\u0632 \u0628\u0647 \u06a9\u0627\u0631 \u0628\u0627 \u0622\u0646 \u0646\u06cc\u0633\u062a\u0646\u062f.\n\n \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u062a\u0648\u0635\u06cc\u0647 \u0647\u0627:\n \u0628\u0631\u0627\u06cc \u0645\u062d\u0635\u0648\u0644\u0627\u062a Cradlepoint:\n https://cradlepoint.com/products/netcloud-service/\n\n \u0628\u0631\u0627\u06cc \u0645\u062d\u0635\u0648\u0644\u0627\u062a \u0645\u0648\u06a9\u0633\u0627:\n https://www.moxa.com/en/support/product-support/security-advisory/uc-series-improper-physical-access-control-vulnerability\n\n\ud83d\udc6e\u200d\u2640\ufe0f\ud83d\udc6e\u200d\u2640\ufe0f \u0628\u0627\u0632\u0646\u0634\u0631 \u0645\u0637\u0627\u0644\u0628 \u0627\u06cc\u0646 \u06a9\u0627\u0646\u0627\u0644 \u0635\u0631\u0641\u0627 \u0628\u0627 \u0630\u06a9\u0631 \u0645\u0646\u0628\u0639 \u0648 \u0622\u062f\u0631\u0633 \u06a9\u0627\u0645\u0644 \u06a9\u0627\u0646\u0627\u0644 \u0645\u062c\u0627\u0632 \u0645\u06cc\u0628\u0627\u0634\u062f.\n\n\ud83c\udfed\u0648\u0628\u0633\u0627\u06cc\u062a \u0648 \u06a9\u0627\u0646\u0627\u0644 \u062a\u062e\u0635\u0635\u06cc \u0627\u0645\u0646\u06cc\u062a \u0632\u06cc\u0631\u0633\u0627\u062e\u062a\u0647\u0627\u06cc \u0627\u062a\u0648\u0645\u0627\u0633\u06cc\u0648\u0646 \u0648 \u06a9\u0646\u062a\u0631\u0644 \u0635\u0646\u0639\u062a\u06cc\n\n\u0627\u062f\u0645\u06cc\u0646:\nhttps://t.me/pedram_kiani\n\u06a9\u0627\u0646\u0627\u0644 \u062a\u0644\u06af\u0631\u0627\u0645:\nhttps://t.me/ics_cert\n\u062a\u0648\u06cc\u06cc\u062a\u0631:\nhttps://twitter.com/icscerti", "creation_timestamp": "2023-02-15T17:53:21.000000Z"}, {"uuid": "97d7ad0e-e6f0-4745-bf67-abea66704ff0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3086", "type": "seen", "source": "https://t.me/cibsecurity/53834", "content": "\u203c CVE-2022-3086 \u203c\n\nAn attacker with physical access to Moxa's bootloader versions of UC-8580 Series V1.1, UC-8540 Series V1.0 to V1.2, UC-8410A Series V2.2, UC-8200 Series V1.0 to V2.4, UC-8100A-ME-T Series V1.0 to V1.1, UC-8100 Series V1.2 to V1.3, UC-5100 Series V1.2, UC-3100 Series V1.2 to V2.0, UC-2100 Series V1.3 to V1.5, and UC-2100-W Series V1.3 to V1.5 can initiate a restart of the device and gain access to its BIOS. Command line options can then be altered, allowing the attacker to access the terminal. From the terminal, the attacker can modify the device\u00e2\u20ac\u2122s authentication files to create a new user and gain full access to the system.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-02T22:37:09.000000Z"}, {"uuid": "a499192f-b137-4ad4-a8a1-bb1b04f26343", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30863", "type": "seen", "source": "https://t.me/cibsecurity/43849", "content": "\u203c CVE-2022-30863 \u203c\n\nFUDForum 3.1.2 is vulnerable to Cross Site Scripting (XSS) via page_title param in Page Manager in the Admin Control Panel.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-06T18:30:00.000000Z"}, {"uuid": "4e5830fa-e651-4ecc-b563-f0ad7ed4a086", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30860", "type": "seen", "source": "https://t.me/cibsecurity/43848", "content": "\u203c CVE-2022-30860 \u203c\n\nFUDforum 3.1.2 is vulnerable to Remote Code Execution through Upload File feature of File Administration System in Admin Control Panel.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-06T18:29:59.000000Z"}, {"uuid": "0a57ddfd-efc8-40eb-9a35-fb5304bebdf6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30861", "type": "seen", "source": "https://t.me/cibsecurity/43846", "content": "\u203c CVE-2022-30861 \u203c\n\nFUDforum 3.1.2 is vulnerable to Stored XSS via Forum Name field in Forum Manager Feature.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-06T18:29:58.000000Z"}]}