{"vulnerability": "cve-2023-2848", "sightings": [{"uuid": "9df36922-e52e-4435-9fe2-6f3a761ad6a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28484", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-09", "content": "", "creation_timestamp": "2025-02-13T11:00:00.000000Z"}, {"uuid": "191042b9-2a5e-49b2-bdc8-ed7212630703", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28486", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lyswb6kj5fg2", "content": "", "creation_timestamp": "2025-09-14T18:29:21.796397Z"}, {"uuid": "64151ef3-ea43-472d-bda2-989a4a6d8a1b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28487", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lytkxah4rvu2", "content": "", "creation_timestamp": "2025-09-15T00:39:17.057525Z"}, {"uuid": "e35b0cbd-399b-4549-a34e-5a9e0da3b878", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28486", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3mebc5tsky22a", "content": "", "creation_timestamp": "2026-02-07T11:16:00.943815Z"}, {"uuid": "30630bb7-ad1b-4a1f-92e2-b51ba74657cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28488", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/3867", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-28488\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2023-04-12T16:15:19.353\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. https://github.com/moehw/poc_exploits/tree/master/CVE-2023-28488\n2. https://kernel.googlesource.com/pub/scm/network/connman/connman/+/99e2c16ea1cced34a5dc450d76287a1c3e762138\n3. https://lists.debian.org/debian-lts-announce/2023/04/msg00024.html\n4. https://www.debian.org/security/2023/dsa-5416\n5. https://github.com/moehw/poc_exploits/tree/master/CVE-2023-28488\n6. https://kernel.googlesource.com/pub/scm/network/connman/connman/+/99e2c16ea1cced34a5dc450d76287a1c3e762138\n7. https://lists.debian.org/debian-lts-announce/2023/04/msg00024.html\n8. https://www.debian.org/security/2023/dsa-5416", "creation_timestamp": "2025-02-08T06:03:16.000000Z"}, {"uuid": "89ae0667-d565-41dc-9c57-c002a91d817d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28489", "type": "published-proof-of-concept", "source": "https://t.me/ics_cert/743", "content": "\u0647\u0634\u062f\u0627\u0631\n\u06a9\u0634\u0641 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u062f\u0631 \u0645\u062d\u0635\u0648\u0644\u0627\u062a Siemens\n\n\u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u062f\u0631 \u0633\u06cc\u0633\u062a\u0645 \u0639\u0627\u0645\u0644 \u0648\u0628 \u0633\u0631\u0648\u0631 \u0645\u0627\u0698\u0648\u0644 \u0647\u0627\u06cc \u06a9\u0646\u062a\u0631\u0644 \u067e\u0631\u062f\u0627\u0632\u0646\u062f\u0647 Siemens SICAM CP-8031 \u0648 CP-8050 \u0628\u0647 \u0628\u0631\u0631\u0633\u06cc \u0646\u0627\u06a9\u0627\u0641\u06cc \u0622\u0631\u06af\u0648\u0645\u0627\u0646 \u0647\u0627\u06cc \u0627\u0631\u0633\u0627\u0644 \u0634\u062f\u0647 \u0628\u0647 \u0641\u0631\u0645\u0627\u0646 \u0645\u0631\u0628\u0648\u0637 \u0645\u06cc \u0634\u0648\u062f. \u0628\u0647\u0631\u0647 \u0628\u0631\u062f\u0627\u0631\u06cc \u0627\u0632 \u06cc\u06a9 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0645\u06cc \u062a\u0648\u0627\u0646\u062f \u0628\u0647 \u06cc\u06a9 \u0645\u0647\u0627\u062c\u0645 \u0631\u0627\u0647 \u062f\u0648\u0631 \u0627\u062c\u0627\u0632\u0647 \u062f\u0647\u062f \u062a\u0627 \u06cc\u06a9 \u0641\u0631\u0645\u0627\u0646 \u062f\u0644\u062e\u0648\u0627\u0647 \u0631\u0627 \u0627\u062c\u0631\u0627 \u06a9\u0646\u062f\n\nBDU: 2023-02054\nCVE-2023-28489\n\n\u0628\u0647 \u0631\u0648\u0632 \u0631\u0633\u0627\u0646\u06cc \u0647\u0627 \u0631\u0627 \u0627\u0632 \u0645\u0646\u0627\u0628\u0639 \u0642\u0627\u0628\u0644 \u0627\u0639\u062a\u0645\u0627\u062f \u0646\u0635\u0628 \u06a9\u0646\u06cc\u062f.\n\u0646\u0635\u0628 \u0628\u0647 \u0631\u0648\u0632 \u0631\u0633\u0627\u0646\u06cc \u0647\u0627\u06cc \u0646\u0631\u0645 \u0627\u0641\u0632\u0627\u0631\u06cc \u062a\u0646\u0647\u0627 \u067e\u0633 \u0627\u0632 \u0627\u0631\u0632\u06cc\u0627\u0628\u06cc \u062a\u0645\u0627\u0645 \u062e\u0637\u0631\u0627\u062a \u0645\u0631\u062a\u0628\u0637 \u062a\u0648\u0635\u06cc\u0647 \u0645\u06cc \u0634\u0648\u062f.\n\n\u0627\u0642\u062f\u0627\u0645\u0627\u062a \u062c\u0628\u0631\u0627\u0646\u06cc:\n- \u0645\u062d\u062f\u0648\u062f\u06cc\u062a \u062f\u0633\u062a\u0631\u0633\u06cc \u0628\u0647 \u067e\u0648\u0631\u062a \u0647\u0627\u06cc 80 \u0648 443 TCP.\n- \u067e\u0627\u0631\u0627\u0645\u062a\u0631 \"\u0639\u0645\u0644\u06cc\u0627\u062a \u0627\u0632 \u0631\u0627\u0647 \u062f\u0648\u0631 (\u06a9\u0646\u062a\u0631\u0644 \u0627\u0632 \u0631\u0627\u0647 \u062f\u0648\u0631)\" \u0631\u0627 \u063a\u06cc\u0631\u0641\u0639\u0627\u0644 \u06a9\u0646\u06cc\u062f.\n- \u062a\u0642\u0633\u06cc\u0645 \u0628\u0646\u062f\u06cc \u0634\u0628\u06a9\u0647 \u0628\u0631\u0627\u06cc \u0645\u062d\u062f\u0648\u062f \u06a9\u0631\u062f\u0646 \u062f\u0633\u062a\u0631\u0633\u06cc \u0628\u0647 \u0628\u062e\u0634 \u0635\u0646\u0639\u062a\u06cc \u0627\u0632 \u0632\u06cc\u0631\u0634\u0628\u06a9\u0647 \u0647\u0627\u06cc \u062f\u06cc\u06af\u0631.\n- \u0645\u062d\u062f\u0648\u062f\u06cc\u062a \u062f\u0633\u062a\u0631\u0633\u06cc \u0627\u0632 \u0634\u0628\u06a9\u0647 \u0647\u0627\u06cc \u062e\u0627\u0631\u062c\u06cc (\u0627\u06cc\u0646\u062a\u0631\u0646\u062a)\u061b\n- \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u0641\u0627\u06cc\u0631\u0648\u0627\u0644 \u0628\u0631\u0627\u06cc \u0645\u062d\u062f\u0648\u062f \u06a9\u0631\u062f\u0646 \u062f\u0633\u062a\u0631\u0633\u06cc \u0627\u0632 \u0631\u0627\u0647 \u062f\u0648\u0631.\n- \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u0634\u0628\u06a9\u0647 \u0647\u0627\u06cc \u062e\u0635\u0648\u0635\u06cc \u0645\u062c\u0627\u0632\u06cc \u0628\u0631\u0627\u06cc \u0633\u0627\u0632\u0645\u0627\u0646\u062f\u0647\u06cc \u062f\u0633\u062a\u0631\u0633\u06cc \u0627\u0632 \u0631\u0627\u0647 \u062f\u0648\u0631 (VPN).\n\n\u0628\u0627 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u062a\u0648\u0635\u06cc\u0647 \u0647\u0627\u06cc \u0633\u0627\u0632\u0646\u062f\u0647:\nhttps://cert-portal.siemens.com/productcert/pdf/ssa-472454.pdf\n\n\u0644\u0637\u0641\u0627 \u0646\u0638\u0631\u0627\u062a \u062e\u0648\u062f \u0631\u0627 \u0628\u0647 \u0627\u0634\u062a\u0631\u0627\u06a9 \u0628\u06af\u0630\u0627\u0631\u06cc\u062f. \u0627\u0632 \u0628\u0627\u0632\u062e\u0648\u0631\u062f \u0634\u0645\u0627 \u0627\u0633\u062a\u0642\u0628\u0627\u0644 \u0645\u06cc\u200c\u06a9\u0646\u06cc\u0645.\n\n\ud83d\udc6e\u200d\u2640\ufe0f\ud83d\udc6e\u200d\u2640\ufe0f \u0628\u0627\u0632\u0646\u0634\u0631 \u0645\u0637\u0627\u0644\u0628 \u0627\u06cc\u0646 \u06a9\u0627\u0646\u0627\u0644 \u0635\u0631\u0641\u0627 \u0628\u0627 \u0630\u06a9\u0631 \u0645\u0646\u0628\u0639 \u0648 \u0622\u062f\u0631\u0633 \u06a9\u0627\u0645\u0644 \u06a9\u0627\u0646\u0627\u0644 \u0645\u062c\u0627\u0632 \u0645\u06cc\u0628\u0627\u0634\u062f.\n\n\ud83c\udfed\u0648\u0628\u0633\u0627\u06cc\u062a \u0648 \u06a9\u0627\u0646\u0627\u0644 \u062a\u062e\u0635\u0635\u06cc \u0627\u0645\u0646\u06cc\u062a \u0632\u06cc\u0631\u0633\u0627\u062e\u062a\u0647\u0627\u06cc \u0627\u062a\u0648\u0645\u0627\u0633\u06cc\u0648\u0646 \u0648 \u06a9\u0646\u062a\u0631\u0644 \u0635\u0646\u0639\u062a\u06cc\n\n\u0627\u062f\u0645\u06cc\u0646:\nhttps://t.me/pedram_kiani\n\u06a9\u0627\u0646\u0627\u0644 \u062a\u0644\u06af\u0631\u0627\u0645:\nhttps://t.me/ics_cert\n\u062a\u0648\u06cc\u06cc\u062a\u0631:\nhttps://twitter.com/icscerti", "creation_timestamp": "2023-04-29T17:55:10.000000Z"}, {"uuid": "58bff5ab-05d5-4bce-ab09-e5a75558be72", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28489", "type": "seen", "source": "https://t.me/true_secator/4281", "content": "\u0414\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0435 \u0447\u0438\u0441\u043b\u043e \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u043e \u0432 \u0440\u0430\u043c\u043a\u0430\u0445 \u0430\u043f\u0440\u0435\u043b\u044c\u0441\u043a\u0438\u0445 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0432\u0435\u043d\u0434\u043e\u0440\u0430\u043c\u0438 \u0438 \u043f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a\u0430\u043c\u0438 ICS, \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u043d\u044b\u0435 \u0440\u0435\u0448\u0435\u043d\u0438\u044f \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u043d\u0435 \u0440\u0430\u0437 \u043f\u043e\u0434\u0432\u0435\u0440\u0433\u0430\u043b\u0438 \u0438\u0445 \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u043c \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c. \u0412\u043a\u0440\u0430\u0442\u0446\u0435 \u043e\u0442\u043c\u0435\u0442\u0438\u043c \u043d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u0432\u0430\u0436\u043d\u044b\u0435 \u0438\u0437 \u043d\u0438\u0445.\n\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 FortiPresence (\u0432\u0435\u0440\u0441\u0438\u0438 1.0, 1.1 \u0438 1.2) \u043e\u0442 Fortinet \u043f\u0440\u0438\u0432\u043e\u0434\u0438\u0442 \u043a \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u043c\u0443 \u043d\u0435\u0430\u0432\u0442\u043e\u0440\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u043e\u043c\u0443 \u0434\u043e\u0441\u0442\u0443\u043f\u0443 \u043a \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440\u0430\u043c Redis \u0438 MongoDB. CVE-2022-41331 \u0441 \u043e\u0446\u0435\u043d\u043a\u043e\u0439 CVSS 9,3 \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0430 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0445 \u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u043f\u043e\u0434\u043b\u0438\u043d\u043d\u043e\u0441\u0442\u0438.\n\n\u0421\u043e\u0433\u043b\u0430\u0441\u043d\u043e\u00a0\u0431\u044e\u043b\u043b\u0435\u0442\u0435\u043d\u044e, Fortinet \u0442\u0430\u043a\u0436\u0435 \u043e\u0431\u044a\u044f\u0432\u0438\u043b\u0430 \u043e\u0431 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f\u0445 \u0434\u043b\u044f \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0445 \u043a\u0430\u0442\u0435\u0433\u043e\u0440\u0438\u0439, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u0438 RCE, \u0432 FortiOS, FortiProxy, FortiSandbox, FortiDeceptor, FortiWeb, FortiClient \u0434\u043b\u044f Windows \u0438 macOS, FortiSOAR, FortiADC, FortiDDoS, FortiDDoS-F, FortiAnalyzer. \u0438 FortiManager.\n\n\u0418\u0437 \u043d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u0445 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u0445 \u043f\u0440\u043e\u0431\u043b\u0435\u043c, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u043b\u0430 SAP: CVE-2023-27267, CVE-2023-28765\u00a0\u0438 CVE-2023-29186. \u041e\u0441\u0442\u0430\u043b\u044c\u043d\u044b\u0435 11 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u043e\u0432, \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u044b\u0435 \u0432\u00a0\u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u043c \u0431\u044e\u043b\u043b\u0435\u0442\u0435\u043d\u0435 \u043e\u0442\u043d\u043e\u0441\u044f\u0442\u0441\u044f \u043a \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u043c \u0441 \u043d\u0438\u0437\u043a\u0438\u043c \u0438 \u0441\u0440\u0435\u0434\u043d\u0438\u043c \u0443\u0440\u043e\u0432\u043d\u0435\u043c \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438.\n\nCVE-2023-27267\u00a0\u0438\u043c\u0435\u0435\u0442 \u043e\u0446\u0435\u043d\u043a\u0443 CVSS 9,0, \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u0432\u0432\u043e\u0434\u0430 \u0438 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u0435\u043c \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0438 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u043d\u0430 OSCommand Bridge \u0430\u0433\u0435\u043d\u0442\u0430 \u0434\u0438\u0430\u0433\u043d\u043e\u0441\u0442\u0438\u043a\u0438 SAP \u0432\u0435\u0440\u0441\u0438\u0438 720. \u041e\u043d\u0430 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u043f\u043e\u043b\u043d\u043e\u0441\u0442\u044c\u044e \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0441\u0438\u0441\u0442\u0435\u043c\u0443.\n\n\u0414\u0440\u0443\u0433\u0430\u044f CVE-2023-28765\u00a0(CVSS: 9,8)- \u044d\u0442\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u0432 SAP BusinessObjects Business Intelligence (\u0432\u0435\u0440\u0441\u0438\u0438 420 \u0438 430), \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0441 \u0431\u0430\u0437\u043e\u0432\u044b\u043c\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0443\u0447\u0435\u0442\u043d\u044b\u043c \u0437\u0430\u043f\u0438\u0441\u044f\u043c.\n\n\u041f\u043e\u0441\u043b\u0435\u0434\u043d\u044f\u044f \u0441 CVSS 8,7 - \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0431\u0445\u043e\u0434\u0430 \u043a\u0430\u0442\u0430\u043b\u043e\u0433\u0430 (CVE-2023-29186) \u0432\u043b\u0438\u044f\u0435\u0442 \u043d\u0430 SAP NetWeaver (\u0432\u0435\u0440\u0441\u0438\u0439 707, 737, 747 \u0438 757) \u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0437\u0430\u0433\u0440\u0443\u0436\u0430\u0442\u044c \u0438 \u043f\u0435\u0440\u0435\u0437\u0430\u043f\u0438\u0441\u044b\u0432\u0430\u0442\u044c \u0444\u0430\u0439\u043b\u044b \u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u043c \u0441\u0435\u0440\u0432\u0435\u0440\u0435 SAP.\n\nSiemens \u0438 Schneider Electric\u00a0\u043d\u0430 \u043f\u0430\u0440\u0443 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u0438\u043b\u0438 \u0431\u044e\u043b\u043b\u0435\u0442\u0435\u043d\u0438 \u0434\u043b\u044f 38 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439.\n\n26 \u0438\u0437 \u043d\u0438\u0445 \u043f\u0440\u0438\u0445\u043e\u0434\u0438\u0442\u0441\u044f \u043d\u0430 Siemens,\u00a0\u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0438\u0437 \u043f\u0440\u043e\u0431\u043b\u0435\u043c, \u0434\u043b\u044f \u0434\u0440\u0443\u0433\u0438\u0445 - \u0442\u043e\u043b\u044c\u043a\u043e \u043e\u0431\u0445\u043e\u0434\u043d\u044b\u0435 \u043f\u0443\u0442\u0438 \u0438 \u043c\u0435\u0440\u044b \u043f\u043e \u0438\u0445 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e, \u0430 \u043f\u043e \u0440\u044f\u0434\u0443 - \u0432\u043e\u0432\u0441\u0435 \u043d\u0435 \u043f\u043b\u0430\u043d\u0438\u0440\u0443\u0435\u0442 \u043d\u0438\u043a\u0430\u043a\u0438\u0445 \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0439.\n\n\u041d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0439 \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f CVE-2023-28489, \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044e\u0449\u0430\u044f \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u044b\u0435 \u0442\u0435\u0440\u043c\u0438\u043d\u0430\u043b\u044b (RTU) Sicam \u0441\u0435\u0440\u0438\u0438 A8000 \u0434\u043b\u044f \u0442\u0435\u043b\u0435\u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0438 \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0437\u0430\u0446\u0438\u0438 \u0432 \u0441\u0435\u043a\u0442\u043e\u0440\u0435 \u044d\u043d\u0435\u0440\u0433\u043e\u0441\u043d\u0430\u0431\u0436\u0435\u043d\u0438\u044f. \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443, \u043d\u0435 \u043f\u0440\u043e\u0448\u0435\u0434\u0448\u0435\u043c\u0443 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0443 \u043f\u043e\u0434\u043b\u0438\u043d\u043d\u043e\u0441\u0442\u0438, \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u043a\u043e\u043c\u0430\u043d\u0434\u044b \u043d\u0430 \u0446\u0435\u043b\u0435\u0432\u043e\u043c \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0435\n\n\u00a0Siemens\u00a0 \u043f\u0440\u043e\u0438\u043d\u0444\u043e\u0440\u043c\u0438\u0440\u043e\u0432\u0430\u043b\u0430 \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432 \u043e\u0431 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u0445 DoS \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 \u0432 \u0432\u0435\u0431-\u0441\u0435\u0440\u0432\u0435\u0440\u0435 Simatic \u0438 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u0445 Siprotec 5, \u0430 \u0442\u0430\u043a\u0436\u0435 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0430\u0445 \u0432 \u041e\u0421 Wind River VxWorks, \u044f\u0434\u0440\u0435 Linux, OPC Foundation Local Discovery Server (LDS), Luxion KeyShot \u0438 \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0445 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0430\u0445.\n\n\u041d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u043e\u0448\u0438\u0431\u043e\u043a, \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u044b\u0445 \u00a0Siemens,\u00a0 \u0441\u0432\u044f\u0437\u0430\u043d\u044b \u0441 \u0430\u043d\u0430\u043b\u0438\u0437\u043e\u043c \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0445 \u0444\u0430\u0439\u043b\u043e\u0432, \u0447\u0442\u043e \u0447\u0430\u0441\u0442\u043e \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a RCE. \u0417\u0430\u0442\u0440\u043e\u043d\u0443\u0442\u044b\u0435 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u044b \u0432\u043a\u043b\u044e\u0447\u0430\u044e\u0442 JT Open Toolkit, JT Utilities, Teamcenter Visualization, JT2Go \u0438 TIA Portal.\n\n\u00a0Schneider Electric\u00a0\u00a0\u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u0438\u043b\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0431\u043e\u043b\u044c\u0448\u0438\u043d\u0441\u0442\u0432\u0430 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u043e\u0432 \u0438 \u043f\u043e\u0434\u0435\u043b\u0438\u043b\u0430\u0441\u044c \u043c\u0435\u0440\u0430\u043c\u0438 \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e \u043f\u0440\u043e\u0431\u043b\u0435\u043c, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0435\u0439 \u0435\u0449\u0435 \u043f\u0440\u0435\u0434\u0441\u0442\u043e\u0438\u0442 \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u0442\u044c \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439.\n\n\u041d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u0432\u0430\u0436\u043d\u044b\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043e\u0445\u0432\u0430\u0442\u044b\u0432\u0430\u044e\u0442 \u0434\u0432\u0435 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u0438 \u043e\u0434\u043d\u0443 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u0432\u043b\u0438\u044f\u044e\u0449\u0438\u0435 \u043d\u0430 \u041f\u041e \u0434\u043b\u044f \u043e\u043d\u043b\u0430\u0439\u043d-\u043c\u043e\u043d\u0438\u0442\u043e\u0440\u0438\u043d\u0433\u0430 APC \u0438 Easy UPS. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a RCE \u0438\u043b\u0438 DoS.\n\n\u041a\u043b\u0438\u0435\u043d\u0442\u044b \u0442\u0430\u043a\u0436\u0435 \u0431\u044b\u043b\u0438 \u043f\u0440\u043e\u0438\u043d\u0444\u043e\u0440\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u044b \u043e \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0439 RCE-\u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0435 \u0432 InsightHome \u0438 InsightFacility. \u0412 \u041f\u041e EcoStruxure Control Expert \u0434\u043b\u044f \u041f\u041b\u041a \u0438 \u041f\u0410\u041a Modicon \u0431\u044b\u043b\u0438 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u044b \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0438 RCE \u0438 DoS.\u00a0\u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, \u043e\u0448\u0438\u0431\u043a\u0438 DoS \u0431\u044b\u043b\u0438 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u044b \u0432 \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u041f\u041b\u041a \u0438 PAC Modicon.", "creation_timestamp": "2023-04-12T18:33:43.000000Z"}, {"uuid": "018bd3bc-ecde-42cc-8ab1-e5b24a114eb3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28484", "type": "seen", "source": "https://t.me/ctinow/182363", "content": "https://ift.tt/YlBzw7g\nCVE-2023-28484 | Oracle MySQL Cluster 8.0.34 and prior/8.1.0 denial of service", "creation_timestamp": "2024-02-10T00:31:41.000000Z"}, {"uuid": "4d89b389-669b-4ba2-82b6-d5a9f29854f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2848", "type": "seen", "source": "https://t.me/cibsecurity/70445", "content": "\u203c CVE-2023-2848 \u203c\n\nMovim prior to version 0.22 is affected by a Cross-Site WebSocket Hijacking vulnerability. This was the result of a missing header validation.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-14T16:31:45.000000Z"}, {"uuid": "301746fa-019c-42a0-9c10-bb7dc770b939", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28480", "type": "seen", "source": "https://t.me/cibsecurity/68474", "content": "\u203c CVE-2023-28480 \u203c\n\nAn issue was discovered in Tigergraph Enterprise 3.7.0. The TigerGraph platform allows users to define new User Defined Functions (UDFs) from C/C++ code. To support this functionality TigerGraph allows users to upload custom C/C++ code which is then compiled and installed into the platform. An attacker who has filesystem access on a remote TigerGraph system can alter the behavior of the database against the will of the database administrator; thus effectively bypassing the built in RBAC controls.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-14T22:19:49.000000Z"}, {"uuid": "e5d980a7-7336-4ee9-82b2-1ff1e797b8e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28483", "type": "seen", "source": "https://t.me/cibsecurity/68468", "content": "\u203c CVE-2023-28483 \u203c\n\nAn issue was discovered in Tigergraph Enterprise 3.7.0. The GSQL query language provides users with the ability to write data to files on a remote TigerGraph server. The locations that a query is allowed to write to are configurable via the GSQL.FileOutputPolicy configuration setting. GSQL queries that contain UDFs can bypass this configuration setting and, as a consequence, can write to any file location to which the administrative user has access.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-14T22:19:41.000000Z"}, {"uuid": "578d77b2-c054-4fa5-822b-58bfc281ce8c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28482", "type": "seen", "source": "https://t.me/cibsecurity/68472", "content": "\u203c CVE-2023-28482 \u203c\n\nAn issue was discovered in Tigergraph Enterprise 3.7.0. A single TigerGraph instance can host multiple graphs that are accessed by multiple different users. The TigerGraph platform does not protect the confidentiality of any data uploaded to the remote server. In this scenario, any user that has permissions to upload data can browse data uploaded by any other user (irrespective of their permissions).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-14T22:38:16.000000Z"}, {"uuid": "3a843455-3a12-4ca5-a3e3-207df76b8844", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28481", "type": "seen", "source": "https://t.me/cibsecurity/68464", "content": "\u203c CVE-2023-28481 \u203c\n\nAn issue was discovered in Tigergraph Enterprise 3.7.0. There is unsecured write access to SSH authorized keys file. Any code running as the tigergraph user is able to add their SSH public key into the authorised keys file. This allows an attacker to obtain password-less SSH key access by using their own SSH key.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-14T22:19:37.000000Z"}, {"uuid": "b7b3f0db-ecd9-4ddc-8798-9e1e97d2bc94", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28485", "type": "seen", "source": "https://t.me/cibsecurity/65516", "content": "\u203c CVE-2023-28485 \u203c\n\nA stored cross-site scripting (Stored XSS) vulnerability in file preview in WeKan before 6.75 allows remote authenticated users to inject arbitrary web script or HTML via names of file attachments. Any user can obtain the privilege to rename within their own board (where they have BoardAdmin access), and renameAttachment does not block XSS payloads.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-26T20:42:55.000000Z"}, {"uuid": "07b31267-b173-49a8-9acd-2729a535817f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28484", "type": "seen", "source": "https://t.me/cibsecurity/62769", "content": "\u203c CVE-2023-28484 \u203c\n\nIn libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-25T00:19:34.000000Z"}, {"uuid": "58fe59d2-3517-4e2d-89ee-a7c1a97e1945", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28488", "type": "seen", "source": "https://t.me/cibsecurity/61980", "content": "\u203c CVE-2023-28488 \u203c\n\nclient.c in gdhcp in ConnMan through 1.41 could be used by network-adjacent attackers (operating a crafted DHCP server) to cause a stack-based buffer overflow and denial of service, terminating the connman process.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-12T20:44:38.000000Z"}, {"uuid": "d08e9705-b921-4007-a183-623991f5d8ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28489", "type": "seen", "source": "https://t.me/cibsecurity/61849", "content": "\u203c CVE-2023-28489 \u203c\n\nA vulnerability has been identified in CP-8031 MASTER MODULE (All versions &lt; CPCI85 V05), CP-8050 MASTER MODULE (All versions &lt; CPCI85 V05). Affected devices are vulnerable to command injection via the web server port 443/tcp, if the parameter \u00e2\u20ac\u0153Remote Operation\u00e2\u20ac\ufffd is enabled. The parameter is disabled by default. The vulnerability could allow an unauthenticated remote attacker to perform arbitrary code execution on the device.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-11T14:23:33.000000Z"}, {"uuid": "db76d169-e020-4d1d-91a3-4138fc41cb11", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28486", "type": "seen", "source": "https://t.me/cibsecurity/60108", "content": "\u203c CVE-2023-28486 \u203c\n\nSudo before 1.9.13 does not escape control characters in log messages.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-16T06:30:30.000000Z"}, {"uuid": "7ae1c609-0caf-431a-b4e5-62ba7e3d95cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28487", "type": "seen", "source": "https://t.me/cibsecurity/60103", "content": "\u203c CVE-2023-28487 \u203c\n\nSudo before 1.9.13 does not escape control characters in sudoreplay output.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-16T06:30:22.000000Z"}]}