{"vulnerability": "cve-2024-6242", "sightings": [{"uuid": "dd6851c1-ff6f-49d5-9e42-edefc7859795", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6242", "type": "seen", "source": "Telegram/paVsglU9IXz3tKZGdRsqNi_IIAgkALQ_LsRO4KvfbHbk5w", "content": "", "creation_timestamp": "2024-08-05T08:34:18.000000Z"}, {"uuid": "a4dc667b-a300-4b80-b996-31dd5c034a1a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6242", "type": "published-proof-of-concept", "source": "https://t.me/HackerArsenal/119", "content": "#SCADA_Security\nBypassing Rockwell Automation Logix Controllers\u2019 Local Chassis Security Protection (CVE-2024-6242)\nhttps://claroty.com/team82/research/bypassing-rockwell-automation-logix-controllers-local-chassis-security-protection", "creation_timestamp": "2024-08-06T06:41:29.000000Z"}, {"uuid": "04935e7e-d759-455f-bf78-17a20f5ef40a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6242", "type": "seen", "source": "https://t.me/ics_cert/888", "content": "\u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0639\u0645\u0644\u06a9\u0631\u062f \u0627\u0633\u0644\u0627\u062a \u0645\u0637\u0645\u0626\u0646 Rockwell Automation 1756-EN4TR\u060c 1756-EN2T Series A/B/C\u060c 1756-EN2F Series A/B\u060c 1756-EN2TR Series A/B\u060c 1756-EN3TR Series B\u060c 1756-EN2T Series \u06a9\u0646\u062a\u0631\u0644\u200c\u06a9\u0646\u0646\u062f\u0647\u200c\u0647\u0627\u06cc \u0645\u0646\u0637\u0642\u06cc Series D\u060c 1756-EN2F Series C\u060c 1756-EN2TR Series C\u060c 1756-EN3TR Series B\u060c 1756-EN2TP Series A \u0628\u0627 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u06cc\u06a9 \u06a9\u0627\u0646\u0627\u0644 \u062c\u0627\u06cc\u06af\u0632\u06cc\u0646 \u0646\u0627\u0627\u0645\u0646 \u0645\u0631\u062a\u0628\u0637 \u0645\u06cc\u200c\u0634\u0648\u0646\u062f. \u0628\u0647\u0631\u0647 \u0628\u0631\u062f\u0627\u0631\u06cc \u0627\u0632 \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0645\u06cc \u062a\u0648\u0627\u0646\u062f \u0628\u0647 \u0645\u0647\u0627\u062c\u0645 \u0631\u0627\u0647 \u062f\u0648\u0631 \u0627\u062c\u0627\u0632\u0647 \u062f\u0647\u062f \u062a\u0627 \u067e\u0631\u0648\u0698\u0647 \u0647\u0627\u06cc \u06a9\u0627\u0631\u0628\u0631 \u0648/\u06cc\u0627 \u067e\u06cc\u06a9\u0631\u0628\u0646\u062f\u06cc \u062f\u0633\u062a\u06af\u0627\u0647 \u0631\u0627 \u0627\u0632 \u0637\u0631\u06cc\u0642 \u062f\u0633\u062a\u0648\u0631\u0627\u062a CIP \u062a\u063a\u06cc\u06cc\u0631 \u062f\u0647\u062f.\n\nBDU: 2024-05963\nCVE-2024-6242\n\n\u0646\u0635\u0628 \u0628\u0647 \u0631\u0648\u0632 \u0631\u0633\u0627\u0646\u06cc \u0627\u0632 \u0645\u0646\u0627\u0628\u0639 \u0642\u0627\u0628\u0644 \u0627\u0639\u062a\u0645\u0627\u062f\n\u0628\u0627 \u062a\u0648\u062c\u0647 \u0628\u0647 \u0634\u0631\u0627\u06cc\u0637 \u0641\u0639\u0644\u06cc \u0648 \u062a\u062d\u0631\u06cc\u0645 \u0647\u0627\u06cc \u0627\u0639\u0645\u0627\u0644 \u0634\u062f\u0647\u060c \u062a\u0648\u0635\u06cc\u0647 \u0645\u06cc \u0634\u0648\u062f \u0628\u0647 \u0631\u0648\u0632 \u0631\u0633\u0627\u0646\u06cc \u0646\u0631\u0645 \u0627\u0641\u0632\u0627\u0631 \u0631\u0627 \u062a\u0646\u0647\u0627 \u067e\u0633 \u0627\u0632 \u0627\u0631\u0632\u06cc\u0627\u0628\u06cc \u062a\u0645\u0627\u0645 \u062e\u0637\u0631\u0627\u062a \u0645\u0631\u062a\u0628\u0637 \u0646\u0635\u0628 \u06a9\u0646\u06cc\u062f.\n\n\u0627\u0642\u062f\u0627\u0645\u0627\u062a \u062c\u0628\u0631\u0627\u0646\u06cc:\n- \u0645\u062d\u062f\u0648\u062f \u06a9\u0631\u062f\u0646 \u062f\u0633\u062a\u0648\u0631\u0627\u062a CIP \u0645\u062c\u0627\u0632 \u0631\u0648\u06cc \u06a9\u0646\u062a\u0631\u0644\u0631\u0647\u0627 \u0628\u0627 \u062a\u0646\u0638\u06cc\u0645 \u0633\u0648\u0626\u06cc\u0686 \u062d\u0627\u0644\u062a \u062f\u0631 \u0645\u0648\u0642\u0639\u06cc\u062a RUN.\n- \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u0627\u0628\u0632\u0627\u0631\u0647\u0627\u06cc \u0641\u0627\u06cc\u0631\u0648\u0627\u0644 \u062f\u0631 \u0633\u0637\u062d \u0628\u0631\u0646\u0627\u0645\u0647 \u0648\u0628 \u0628\u0631\u0627\u06cc \u0645\u062d\u062f\u0648\u062f \u06a9\u0631\u062f\u0646 \u0627\u0645\u06a9\u0627\u0646 \u062f\u0633\u062a\u0631\u0633\u06cc \u0627\u0632 \u0631\u0627\u0647 \u062f\u0648\u0631.\n- \u062a\u0642\u0633\u06cc\u0645 \u0628\u0646\u062f\u06cc \u0634\u0628\u06a9\u0647 \u0628\u0631\u0627\u06cc \u0645\u062d\u062f\u0648\u062f \u06a9\u0631\u062f\u0646 \u062f\u0633\u062a\u0631\u0633\u06cc \u0628\u0647 \u0628\u062e\u0634 \u0635\u0646\u0639\u062a\u06cc \u0627\u0632 \u0632\u06cc\u0631\u0634\u0628\u06a9\u0647 \u0647\u0627\u06cc \u062f\u06cc\u06af\u0631.\n- \u0645\u062d\u062f\u0648\u062f\u06cc\u062a \u062f\u0633\u062a\u0631\u0633\u06cc \u0627\u0632 \u0634\u0628\u06a9\u0647 \u0647\u0627\u06cc \u062e\u0627\u0631\u062c\u06cc (\u0627\u06cc\u0646\u062a\u0631\u0646\u062a)\u061b\n- \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u0634\u0628\u06a9\u0647 \u0647\u0627\u06cc \u062e\u0635\u0648\u0635\u06cc \u0645\u062c\u0627\u0632\u06cc \u0628\u0631\u0627\u06cc \u0633\u0627\u0632\u0645\u0627\u0646\u062f\u0647\u06cc \u062f\u0633\u062a\u0631\u0633\u06cc \u0627\u0632 \u0631\u0627\u0647 \u062f\u0648\u0631 (VPN).\n\n\u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u062a\u0648\u0635\u06cc\u0647 \u0647\u0627\u06cc \u0633\u0627\u0632\u0646\u062f\u0647:\nhttps://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1682.html\n\n\n\ud83c\udfaf \u062f\u0631 \u062c\u0631\u06cc\u0627\u0646 \u0646\u0628\u0636 \u0627\u0645\u0646\u06cc\u062a \u0633\u0627\u06cc\u0628\u0631\u06cc \u0635\u0646\u0639\u062a\u06cc \u0628\u0627\u0634\u06cc\u062f:\n\n\ud83c\udfed\u0648\u0628\u0633\u0627\u06cc\u062a \u0648 \u06a9\u0627\u0646\u0627\u0644 \u062a\u062e\u0635\u0635\u06cc \u0627\u0645\u0646\u06cc\u062a \u0632\u06cc\u0631\u0633\u0627\u062e\u062a\u0647\u0627\u06cc \u0627\u062a\u0648\u0645\u0627\u0633\u06cc\u0648\u0646 \u0648 \u06a9\u0646\u062a\u0631\u0644 \u0635\u0646\u0639\u062a\u06cc\n\ud83d\udc6e\ud83c\udffd\u200d\u2640\ufe0f\u0647\u0631\u06af\u0648\u0646\u0647 \u0627\u0646\u062a\u0634\u0627\u0631 \u0648 \u0630\u06a9\u0631 \u0645\u0637\u0627\u0644\u0628 \u0628\u062f\u0648\u0646 \u0630\u06a9\u0631 \u062f\u0642\u06cc\u0642 \u0645\u0646\u0628\u0639 \u0648 \u0622\u062f\u0631\u0633 \u0644\u06cc\u0646\u06a9 \u0622\u0646 \u0645\u0645\u0646\u0648\u0639 \u0627\u0633\u062a. \n\u0627\u062f\u0645\u06cc\u0646:\n\u200fhttps://t.me/pedram_kiani\n\u06a9\u0627\u0646\u0627\u0644 \u062a\u0644\u06af\u0631\u0627\u0645:\n\u200fhttps://t.me/ics_cert", "creation_timestamp": "2024-08-09T16:19:29.000000Z"}, {"uuid": "fcf4ebce-a43d-49ee-ba5b-2397301e9844", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6242", "type": "seen", "source": "https://t.me/cyber_hsecurity/1613", "content": "3. \u062a\u0635\u0639\u064a\u062f \u0627\u0644\u0627\u0645\u062a\u064a\u0627\u0632\u0627\u062a:\n   - \u064a\u0633\u062a\u063a\u0644 \u0627\u0644\u0643\u0648\u062f \u0627\u0644\u0636\u0627\u0631 \u0627\u0644\u062b\u063a\u0631\u0629 \u0627\u0644\u0623\u0645\u0646\u064a\u0629 \u0644\u062a\u0635\u0639\u064a\u062f \u0627\u0644\u0627\u0645\u062a\u064a\u0627\u0632\u0627\u062a \u0645\u0646 \u062f\u0627\u062e\u0644 \u0627\u0644\u0622\u0644\u0629 \u0627\u0644\u0627\u0641\u062a\u0631\u0627\u0636\u064a\u0629 \u0625\u0644\u0649 \u0646\u0638\u0627\u0645 \u0627\u0644\u062a\u0634\u063a\u064a\u0644 \u0627\u0644\u0645\u0636\u064a\u0641 (host operating system). \u0647\u0630\u0627 \u064a\u0645\u0643\u0646 \u0627\u0644\u0645\u0647\u0627\u062c\u0645 \u0645\u0646 \u0627\u0644\u062d\u0635\u0648\u0644 \u0639\u0644\u0649 \u0635\u0644\u0627\u062d\u064a\u0627\u062a \u0627\u0644\u0645\u062f\u064a\u0631 \u0648\u062a\u0646\u0641\u064a\u0630 \u0623\u0648\u0627\u0645\u0631 \u0636\u0627\u0631\u0629 \u0639\u0644\u0649 \u062c\u0647\u0627\u0632 \u0627\u0644\u0643\u0645\u0628\u064a\u0648\u062a\u0631.\n\n\u0643\u064a\u0641\u064a\u0629 \u0627\u0644\u062d\u0645\u0627\u064a\u0629 \u0645\u0646 \u0627\u0644\u062b\u063a\u0631\u0629 \u0627\u0644\u0623\u0645\u0646\u064a\u0629 CVE-2024-33352\u061f\n\n\u0644\u062d\u0645\u0627\u064a\u0629 \u0646\u0641\u0633\u0643 \u0645\u0646 \u0647\u0630\u0647 \u0627\u0644\u062b\u063a\u0631\u0629 \u0627\u0644\u0623\u0645\u0646\u064a\u0629\u060c \u064a\u062c\u0628 \u0627\u062a\u0628\u0627\u0639 \u0627\u0644\u062e\u0637\u0648\u0627\u062a \u0627\u0644\u062a\u0627\u0644\u064a\u0629:\n\n1. \u062a\u062d\u062f\u064a\u062b BlueStacks:\n   - \u062a\u0623\u0643\u062f \u0645\u0646 \u062a\u062d\u062f\u064a\u062b BlueStacks \u0625\u0644\u0649 \u0623\u062d\u062f\u062b \u0625\u0635\u062f\u0627\u0631 \u064a\u062d\u062a\u0648\u064a \u0639\u0644\u0649 \u062a\u0635\u062d\u064a\u062d\u0627\u062a \u0627\u0644\u0623\u0645\u0627\u0646 \u0627\u0644\u0644\u0627\u0632\u0645\u0629. \u062a\u0642\u0648\u0645 \u0627\u0644\u0634\u0631\u0643\u0629 \u0627\u0644\u0645\u0637\u0648\u0631\u0629 \u0628\u0625\u0635\u062f\u0627\u0631 \u062a\u062d\u062f\u064a\u062b\u0627\u062a \u062f\u0648\u0631\u064a\u0629 \u0644\u0645\u0639\u0627\u0644\u062c\u0629 \u0627\u0644\u062b\u063a\u0631\u0627\u062a \u0627\u0644\u0623\u0645\u0646\u064a\u0629.\n\n2. \u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u0628\u0631\u0627\u0645\u062c \u0645\u0643\u0627\u0641\u062d\u0629 \u0627\u0644\u0641\u064a\u0631\u0648\u0633\u0627\u062a:\n   - \u0627\u0633\u062a\u062e\u062f\u0645 \u0628\u0631\u0627\u0645\u062c \u0645\u0643\u0627\u0641\u062d\u0629 \u0627\u0644\u0641\u064a\u0631\u0648\u0633\u0627\u062a \u0627\u0644\u0645\u062d\u062f\u062b\u0629 \u0644\u0644\u0643\u0634\u0641 \u0639\u0646 \u0627\u0644\u062a\u0637\u0628\u064a\u0642\u0627\u062a \u0627\u0644\u0636\u0627\u0631\u0629 \u0648\u0645\u0646\u0639\u0647\u0627 \u0645\u0646 \u0627\u0644\u062a\u0634\u063a\u064a\u0644 \u062f\u0627\u062e\u0644 BlueStacks.\n\n3. \u062a\u062c\u0646\u0628 \u062a\u0646\u0632\u064a\u0644 \u0627\u0644\u062a\u0637\u0628\u064a\u0642\u0627\u062a \u0645\u0646 \u0645\u0635\u0627\u062f\u0631 \u063a\u064a\u0631 \u0645\u0648\u062b\u0648\u0642\u0629:\n   - \u0642\u0645 \u0628\u062a\u0646\u0632\u064a\u0644 \u0627\u0644\u062a\u0637\u0628\u064a\u0642\u0627\u062a \u0641\u0642\u0637 \u0645\u0646 \u0645\u062a\u0627\u062c\u0631 \u0627\u0644\u062a\u0637\u0628\u064a\u0642\u0627\u062a \u0627\u0644\u0645\u0648\u062b\u0648\u0642\u0629 \u0645\u062b\u0644 Google Play. \u062a\u062c\u0646\u0628 \u062a\u0646\u0632\u064a\u0644 \u0627\u0644\u062a\u0637\u0628\u064a\u0642\u0627\u062a \u0645\u0646 \u0645\u0635\u0627\u062f\u0631 \u063a\u064a\u0631 \u0645\u0639\u0631\u0648\u0641\u0629 \u0623\u0648 \u0645\u0634\u0628\u0648\u0647\u0629.\n\n\u0627\u0644\u062e\u0644\u0627\u0635\u0629:\n\n\u062a\u0639\u062a\u0628\u0631 \u0627\u0644\u062b\u063a\u0631\u0629 \u0627\u0644\u0623\u0645\u0646\u064a\u0629 CVE-2024-33352 \u0641\u064a BlueStacks \u062a\u0647\u062f\u064a\u062f\u064b\u0627 \u062e\u0637\u064a\u0631\u064b\u0627 \u064a\u0645\u0643\u0646 \u0623\u0646 \u064a\u0633\u062a\u063a\u0644\u0647 \u0627\u0644\u0645\u0647\u0627\u062c\u0645\u0648\u0646 \u0644\u062a\u0635\u0639\u064a\u062f \u0627\u0644\u0627\u0645\u062a\u064a\u0627\u0632\u0627\u062a \u0648\u062a\u0646\u0641\u064a\u0630 \u0623\u0648\u0627\u0645\u0631 \u0636\u0627\u0631\u0629 \u0639\u0644\u0649 \u062c\u0647\u0627\u0632 \u0627\u0644\u0643\u0645\u0628\u064a\u0648\u062a\u0631. \u0645\u0646 \u0627\u0644\u0645\u0647\u0645 \u0623\u0646 \u062a\u0643\u0648\u0646 \u0639\u0644\u0649 \u062f\u0631\u0627\u064a\u0629 \u0628\u0647\u0630\u0647 \u0627\u0644\u062b\u063a\u0631\u0629 \u0648\u062a\u062a\u062e\u0630 \u0627\u0644\u0625\u062c\u0631\u0627\u0621\u0627\u062a \u0627\u0644\u0644\u0627\u0632\u0645\u0629 \u0644\u062d\u0645\u0627\u064a\u0629 \u0646\u0641\u0633\u0643\u060c \u0645\u062b\u0644 \u062a\u062d\u062f\u064a\u062b \u0627\u0644\u0628\u0631\u0627\u0645\u062c \u0648\u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u0628\u0631\u0627\u0645\u062c \u0645\u0643\u0627\u0641\u062d\u0629 \u0627\u0644\u0641\u064a\u0631\u0648\u0633\u0627\u062a \u0648\u062a\u062c\u0646\u0628 \u062a\u0646\u0632\u064a\u0644 \u0627\u0644\u062a\u0637\u0628\u064a\u0642\u0627\u062a \u0645\u0646 \u0645\u0635\u0627\u062f\u0631 \u063a\u064a\u0631 \u0645\u0648\u062b\u0648\u0642\u0629.\n\n\nhttps://github.com/mmiszczyk/CVE-2024-33352\n\nABO TURAB:\n### CVE-2019-8805: \u062a\u0635\u0639\u064a\u062f \u0627\u0644\u0627\u0645\u062a\u064a\u0627\u0632\u0627\u062a \u0641\u064a \u0625\u0637\u0627\u0631 \u0639\u0645\u0644 Apple EndpointSecurity\n\n#### \u0645\u0642\u062f\u0645\u0629:\n\u0627\u0644\u0645\u0642\u0627\u0644\u0629 \u062a\u062a\u0646\u0627\u0648\u0644 \u062b\u063a\u0631\u0629 \u0623\u0645\u0646\u064a\u0629 \u0641\u064a \u0625\u0637\u0627\u0631 \u0639\u0645\u0644 EndpointSecurity \u0627\u0644\u062e\u0627\u0635 \u0628\u0634\u0631\u0643\u0629 Apple\u060c \u062a\u064f\u0639\u0631\u0641 \u0628\u0627\u0633\u0645 CVE-2019-8805. \u0647\u0630\u0647 \u0627\u0644\u062b\u063a\u0631\u0629 \u062a\u0633\u0645\u062d \u0644\u0644\u0645\u0647\u0627\u062c\u0645\u064a\u0646 \u0628\u0632\u064a\u0627\u062f\u0629 \u0635\u0644\u0627\u062d\u064a\u0627\u062a\u0647\u0645 \u0639\u0644\u0649 \u0627\u0644\u0646\u0638\u0627\u0645\u060c \u0645\u0645\u0627 \u064a\u0645\u0646\u062d\u0647\u0645 \u0627\u0644\u0642\u062f\u0631\u0629 \u0639\u0644\u0649 \u062a\u0646\u0641\u064a\u0630 \u062a\u0639\u0644\u064a\u0645\u0627\u062a \u0628\u0631\u0645\u062c\u064a\u0629 \u0643\u0645\u0633\u0624\u0648\u0644 \u0627\u0644\u0646\u0638\u0627\u0645.\n\n#### \u0627\u0644\u0646\u0642\u0627\u0637 \u0627\u0644\u0631\u0626\u064a\u0633\u064a\u0629:\n\n1. \u0645\u0627 \u0647\u064a \u0627\u0644\u062b\u063a\u0631\u0629 (CVE-2019-8805):\n   - \u062a\u0639\u0631\u064a\u0641: CVE-2019-8805 \u0647\u064a \u062b\u063a\u0631\u0629 \u0641\u064a \u0625\u0637\u0627\u0631 \u0639\u0645\u0644 EndpointSecurity \u0627\u0644\u062e\u0627\u0635 \u0628\u0646\u0638\u0627\u0645 macOS\u060c \u0648\u0627\u0644\u062a\u064a \u064a\u0645\u0643\u0646 \u0627\u0633\u062a\u063a\u0644\u0627\u0644\u0647\u0627 \u0644\u062a\u0635\u0639\u064a\u062f \u0627\u0644\u0627\u0645\u062a\u064a\u0627\u0632\u0627\u062a.\n   - \u0643\u064a\u0641 \u062a\u0639\u0645\u0644: \u0627\u0644\u062b\u063a\u0631\u0629 \u062a\u0633\u0645\u062d \u0644\u0644\u0645\u0647\u0627\u062c\u0645\u064a\u0646 \u0628\u062a\u062c\u0627\u0648\u0632 \u0642\u064a\u0648\u062f \u0627\u0644\u0623\u0645\u0627\u0646 \u0648\u0627\u0644\u062d\u0635\u0648\u0644 \u0639\u0644\u0649 \u0635\u0644\u0627\u062d\u064a\u0627\u062a \u0623\u0639\u0644\u0649 \u0639\u0644\u0649 \u0627\u0644\u0646\u0638\u0627\u0645\u060c \u0645\u0645\u0627 \u064a\u0645\u0643\u0646\u0647\u0645 \u0645\u0646 \u062a\u0646\u0641\u064a\u0630 \u062a\u0639\u0644\u064a\u0645\u0627\u062a \u0628\u0631\u0645\u062c\u064a\u0629 \u0628\u0627\u0645\u062a\u064a\u0627\u0632\u0627\u062a \u0627\u0644\u0645\u0633\u0624\u0648\u0644.\n\n2. \u0643\u064a\u0641 \u064a\u062a\u0645 \u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u0627\u0644\u062b\u063a\u0631\u0629:\n   - \u0627\u0644\u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u0627\u0644\u0645\u062d\u0644\u064a: \u064a\u062c\u0628 \u0623\u0646 \u064a\u0643\u0648\u0646 \u0627\u0644\u0645\u0647\u0627\u062c\u0645 \u0642\u0627\u062f\u0631\u064b\u0627 \u0639\u0644\u0649 \u0627\u0644\u0648\u0635\u0648\u0644 \u0625\u0644\u0649 \u0627\u0644\u062c\u0647\u0627\u0632 \u0627\u0644\u0645\u0633\u062a\u0647\u062f\u0641. \u064a\u0645\u0643\u0646 \u0623\u0646 \u064a\u062d\u062f\u062b \u0630\u0644\u0643 \u0625\u0630\u0627 \u0643\u0627\u0646 \u0627\u0644\u0645\u0647\u0627\u062c\u0645 \u0642\u062f \u062d\u0635\u0644 \u0628\u0627\u0644\u0641\u0639\u0644 \u0639\u0644\u0649 \u0648\u0635\u0648\u0644 \u0645\u062d\u062f\u0648\u062f \u0625\u0644\u0649 \u0627\u0644\u062c\u0647\u0627\u0632.\n   - \u062a\u0646\u0641\u064a\u0630 \u0627\u0644\u062a\u0639\u0644\u064a\u0645\u0627\u062a \u0627\u0644\u0628\u0631\u0645\u062c\u064a\u0629: \u0627\u0644\u0645\u0647\u0627\u062c\u0645 \u064a\u0633\u062a\u063a\u0644 \u0627\u0644\u062b\u063a\u0631\u0629 \u0644\u062a\u0646\u0641\u064a\u0630 \u062a\u0639\u0644\u064a\u0645\u0627\u062a \u0628\u0631\u0645\u062c\u064a\u0629 \u0636\u0627\u0631\u0629 \u0628\u0627\u0645\u062a\u064a\u0627\u0632\u0627\u062a \u0623\u0639\u0644\u0649\u060c \u0645\u0645\u0627 \u064a\u0645\u0646\u062d\u0647 \u0627\u0644\u0633\u064a\u0637\u0631\u0629 \u0627\u0644\u0643\u0627\u0645\u0644\u0629 \u0639\u0644\u0649 \u0627\u0644\u062c\u0647\u0627\u0632.\n\n3. \u0623\u0645\u062b\u0644\u0629 \u0628\u0633\u064a\u0637\u0629:\n   - \u0645\u062b\u0627\u0644 1: \u0644\u0646\u0641\u062a\u0631\u0636 \u0623\u0646 \u0647\u0646\u0627\u0643 \u0645\u0648\u0638\u0641\u064b\u0627 \u064a\u064f\u062f\u0639\u0649 \u0623\u062d\u0645\u062f \u064a\u0639\u0645\u0644 \u0639\u0644\u0649 \u062c\u0647\u0627\u0632 macOS. \u0623\u062d\u0645\u062f \u064a\u0641\u062a\u062d \u0645\u0631\u0641\u0642 \u0628\u0631\u064a\u062f \u0625\u0644\u0643\u062a\u0631\u0648\u0646\u064a \u064a\u062d\u062a\u0648\u064a \u0639\u0644\u0649 \u0628\u0631\u0646\u0627\u0645\u062c \u0636\u0627\u0631. \u0627\u0644\u0628\u0631\u0646\u0627\u0645\u062c \u064a\u0633\u062a\u063a\u0644 \u0627\u0644\u062b\u063a\u0631\u0629 CVE-2019-8805 \u0644\u0632\u064a\u0627\u062f\u0629 \u0635\u0644\u0627\u062d\u064a\u0627\u062a\u0647\u060c \u0645\u0645\u0627 \u064a\u0645\u0646\u062d \u0627\u0644\u0645\u0647\u0627\u062c\u0645 \u0627\u0644\u0642\u062f\u0631\u0629 \u0639\u0644\u0649 \u0627\u0644\u062a\u062d\u0643\u0645 \u0627\u0644\u0643\u0627\u0645\u0644 \u0641\u064a \u062c\u0647\u0627\u0632 \u0623\u062d\u0645\u062f.\n   - \u0645\u062b\u0627\u0644 2: \u0633\u0627\u0631\u0629 \u062a\u0642\u0648\u0645 \u0628\u062a\u0646\u0632\u064a\u0644 \u062a\u0637\u0628\u064a\u0642 \u0645\u0646 \u0645\u0635\u062f\u0631 \u063a\u064a\u0631 \u0645\u0648\u062b\u0648\u0642. \u0627\u0644\u062a\u0637\u0628\u064a\u0642 \u064a\u062d\u062a\u0648\u064a \u0639\u0644\u0649 \u062a\u0639\u0644\u064a\u0645\u0627\u062a \u0628\u0631\u0645\u062c\u064a\u0629 \u062a\u0633\u062a\u063a\u0644 \u0627\u0644\u062b\u063a\u0631\u0629 CVE-2019-8805. \u0628\u0645\u062c\u0631\u062f \u062a\u062b\u0628\u064a\u062a \u0627\u0644\u062a\u0637\u0628\u064a\u0642\u060c \u064a\u062a\u0645\u0643\u0646 \u0627\u0644\u0645\u0647\u0627\u062c\u0645 \u0645\u0646 \u0627\u0644\u0648\u0635\u0648\u0644 \u0625\u0644\u0649 \u0645\u0644\u0641\u0627\u062a \u0627\u0644\u0646\u0638\u0627\u0645 \u0627\u0644\u062d\u0633\u0627\u0633\u0629 \u0648\u062a\u0646\u0641\u064a\u0630 \u062a\u0639\u0644\u064a\u0645\u0627\u062a \u0628\u0631\u0645\u062c\u064a\u0629 \u0643\u0645\u0633\u0624\u0648\u0644.\n\n4. \u0643\u064a\u0641 \u062a\u062d\u0645\u064a \u0646\u0641\u0633\u0643:\n   - \u062a\u062d\u062f\u064a\u062b \u0627\u0644\u0646\u0638\u0627\u0645: \u062a\u0623\u0643\u062f \u062f\u0627\u0626\u0645\u064b\u0627 \u0645\u0646 \u0623\u0646 \u0646\u0638\u0627\u0645 macOS \u0645\u062d\u062f\u062b \u0625\u0644\u0649 \u0622\u062e\u0631 \u0625\u0635\u062f\u0627\u0631\u060c \u062d\u064a\u062b \u064a\u062a\u0645 \u0625\u0635\u0644\u0627\u062d \u0627\u0644\u062b\u063a\u0631\u0627\u062a \u0641\u064a \u0627\u0644\u062a\u062d\u062f\u064a\u062b\u0627\u062a \u0627\u0644\u062c\u062f\u064a\u062f\u0629.\n   - \u0627\u0644\u062d\u0630\u0631 \u0639\u0646\u062f \u062a\u0646\u0632\u064a\u0644 \u0627\u0644\u0628\u0631\u0627\u0645\u062c: \u0644\u0627 \u062a\u0642\u0645 \u0628\u062a\u0646\u0632\u064a\u0644 \u0623\u0648 \u062a\u062b\u0628\u064a\u062a \u0628\u0631\u0627\u0645\u062c \u0645\u0646 \u0645\u0635\u0627\u062f\u0631 \u063a\u064a\u0631 \u0645\u0648\u062b\u0648\u0642\u0629.\n   - \u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u0628\u0631\u0627\u0645\u062c \u0627\u0644\u062d\u0645\u0627\u064a\u0629: \u062a\u062b\u0628\u064a\u062a \u0628\u0631\u0627\u0645\u062c \u0627\u0644\u062d\u0645\u0627\u064a\u0629 \u0639\u0644\u0649 \u062c\u0647\u0627\u0632\u0643 \u064a\u0645\u0643\u0646 \u0623\u0646 \u064a\u0633\u0627\u0639\u062f \u0641\u064a \u0627\u0643\u062a\u0634\u0627\u0641 \u0648\u0625\u064a\u0642\u0627\u0641 \u0627\u0644\u0628\u0631\u0627\u0645\u062c \u0627\u0644\u0636\u0627\u0631\u0629.\n\n#### \u062e\u0644\u0627\u0635\u0629:\n\u0627\u0644\u062b\u063a\u0631\u0629 CVE-2019-8805 \u0641\u064a \u0625\u0637\u0627\u0631 \u0639\u0645\u0644 Apple EndpointSecurity \u062a\u064f\u0638\u0647\u0631 \u0643\u064a\u0641 \u064a\u0645\u0643\u0646 \u0644\u0644\u0645\u0647\u0627\u062c\u0645\u064a\u0646 \u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u0627\u0644\u062b\u063a\u0631\u0627\u062a \u0644\u0632\u064a\u0627\u062f\u0629 \u0635\u0644\u0627\u062d\u064a\u0627\u062a\u0647\u0645 \u0639\u0644\u0649 \u0627\u0644\u0646\u0638\u0627\u0645. \u0645\u0646 \u0627\u0644\u0645\u0647\u0645 \u062a\u062d\u062f\u064a\u062b \u0627\u0644\u0646\u0638\u0627\u0645 \u0628\u0627\u0646\u062a\u0638\u0627\u0645 \u0648\u0627\u0644\u062d\u0630\u0631 \u0639\u0646\u062f \u062a\u0646\u0632\u064a\u0644 \u0627\u0644\u0628\u0631\u0627\u0645\u062c \u0644\u062d\u0645\u0627\u064a\u0629 \u0646\u0641\u0633\u0643 \u0645\u0646 \u0647\u0630\u0647 \u0627\u0644\u0647\u062c\u0645\u0627\u062a.\n\nALSED404:\n\u062a\u0645 \u0627\u0644\u0639\u062b\u0648\u0631 \u0639\u0644\u0649 \u062b\u063a\u0631\u0629 \u0623\u0645\u0646\u064a\u0629 \u0639\u0627\u0644\u064a\u0629 \u0627\u0644\u062e\u0637\u0648\u0631\u0629 (CVE-2024-6242) \u0641\u064a \u0623\u062c\u0647\u0632\u0629 Rockwell Automation ControlLogix 1756.\n\n\u0642\u062f \u064a\u0624\u062f\u064a \u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u0647\u0630\u0647 \u0627\u0644\u062b\u063a\u0631\u0629 \u0627\u0644\u0623\u0645\u0646\u064a\u0629 \u0625\u0644\u0649 \u0625\u0635\u062f\u0627\u0631 \u0623\u0648\u0627\u0645\u0631 CIP \u063a\u064a\u0631 \u0645\u0635\u0631\u062d \u0628\u0647\u0627\u060c \u0645\u0645\u0627 \u064a\u0624\u062b\u0631 \u0639\u0644\u0649 \u062a\u0643\u0648\u064a\u0646\u0627\u062a \u0627\u0644\u062c\u0647\u0627\u0632 \u0648\u0645\u0634\u0627\u0631\u064a\u0639 \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645.\n\u0627\u0642\u0631\u0623: https://thehackernews.com/2024/08/critical-flaw-in-rockwell-automation.html\n\nThe Smart Shadow:\n\u0646\u0638\u0631\u0629 \u0639\u0627\u0645\u0629 \u0639\u0644\u0649 \u0627\u0644\u062a\u0642\u0631\u064a\u0631\n\u0627\u0644\u062a\u0642\u0631\u064a\u0631 \u0627\u0644\u0630\u064a \u0623\u0634\u0631\u062a \u0625\u0644\u064a\u0647 \u064a\u062a\u062d\u062f\u062b \u0639\u0646 \u062b\u063a\u0631\u0627\u062a \u0623\u0645\u0646\u064a\u0629 \u0641\u064a \u062a\u0637\u0628\u064a\u0642 kafka-ui\u060c \u0648\u0647\u064a \u0648\u0627\u062c\u0647\u0629 \u0645\u0633\u062a\u062e\u062f\u0645 \u0644\u0625\u062f\u0627\u0631\u0629 Apache Kafka. \u0627\u0644\u062a\u0642\u0631\u064a\u0631 \u064a\u0648\u0636\u062d \u0646\u0648\u0639\u064a\u0646 \u0645\u0646 \u0627\u0644\u062b\u063a\u0631\u0627\u062a:\n\n1. GHSL-2023-229: \u062b\u063a\u0631\u0629 XSS (Cross-Site Scripting)\n2. GHSL-2023-230: \u062b\u063a\u0631\u0629 \u0623\u062e\u0631\u0649 \u0644\u0645 \u064a\u062a\u0645 \u062a\u062d\u062f\u064a\u062f \u0646\u0648\u0639\u0647\u0627 \u0628\u0634\u0643\u0644 \u0648\u0627\u0636\u062d \u0641\u064a \u0627\u0644\u0639\u0646\u0648\u0627\u0646\n\n### GHSL-2023-229: \u062b\u063a\u0631\u0629 XSS\n\u062b\u063a\u0631\u0629 XSS \u062a\u062d\u062f\u062b \u0639\u0646\u062f\u0645\u0627 \u064a\u062a\u0645\u0643\u0646 \u0627\u0644\u0645\u0647\u0627\u062c\u0645 \u0645\u0646 \u062d\u0642\u0646 \u0634\u064a\u0641\u0631\u0629 JavaScript \u0636\u0627\u0631\u0629 \u0641\u064a \u0635\u0641\u062d\u0629 \u0648\u064a\u0628\u060c \u0648\u0627\u0644\u062a\u064a \u064a\u062a\u0645 \u062a\u0646\u0641\u064a\u0630\u0647\u0627 \u0641\u064a \u0645\u062a\u0635\u0641\u062d \u0627\u0644\u0636\u062d\u064a\u0629.\n\n#### \u0627\u0644\u0637\u0631\u064a\u0642\u0629 \u0627\u0644\u0636\u0639\u064a\u0641\u0629 (Vulnerable method):\n\u0644\u0646\u0641\u062a\u0631\u0636 \u0623\u0646 \u0644\u062f\u064a\u0646\u0627 \u0637\u0631\u064a\u0642\u0629 \u0641\u064a \u0627\u0644\u0643\u0648\u062f \u062a\u0639\u0631\u0636 \u0645\u062f\u062e\u0644\u0627\u062a \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645 \u0645\u0628\u0627\u0634\u0631\u0629 \u0641\u064a \u0635\u0641\u062d\u0629 HTML \u062f\u0648\u0646 \u062a\u0646\u0642\u064a\u0629:", "creation_timestamp": "2024-12-13T19:00:22.000000Z"}, {"uuid": "afe187c7-8f7f-430e-8c92-c1daf2e96b34", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6242", "type": "seen", "source": "Telegram/0q9y3klpvP2wfmI7UGJHR_EX1WDLjDl56STiMKX0WJ9HzsFy", "content": "", "creation_timestamp": "2024-08-05T14:29:49.000000Z"}, {"uuid": "7f3eef76-346c-4f7a-ac03-8bdf8e163d7e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6242", "type": "seen", "source": "https://t.me/tengkorakcybercrewz/16851", "content": "The Hacker News\nCritical Flaw in Rockwell Automation Devices Allows Unauthorized Access\n\nA high-severity security bypass vulnerability has been disclosed in Rockwell Automation ControlLogix 1756 devices that could be exploited to execute common industrial protocol (CIP) programming and configuration commands.\nThe flaw, which is assigned the CVE identifier CVE-2024-6242, carries a CVSS v3.1 score of 8.4.\n\"A vulnerability exists in the affected products that allows a threat actor to", "creation_timestamp": "2024-08-05T08:34:20.000000Z"}, {"uuid": "d85f88c6-d2fd-4964-8ee1-ba6ada25e24b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6242", "type": "published-proof-of-concept", "source": "Telegram/VqupdT1If0f2WK0OFYa9Q6DT2tHt72KGJwRbIKfr9mcO4jw", "content": "", "creation_timestamp": "2024-09-08T07:41:49.000000Z"}, {"uuid": "8ad2c277-35cb-4d1b-9423-899d94ae202b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6242", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/10939", "content": "#SCADA_Security\nBypassing Rockwell Automation Logix Controllers\u2019 Local Chassis Security Protection (CVE-2024-6242)\nhttps://claroty.com/team82/research/bypassing-rockwell-automation-logix-controllers-local-chassis-security-protection", "creation_timestamp": "2024-08-06T11:14:32.000000Z"}, {"uuid": "ec64ea3e-c9c7-4195-aba3-504401dcce8e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6242", "type": "seen", "source": "https://t.me/cvedetector/2248", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-6242 - Rockwell Automation ControlLogix Controller Trusted Slot Bypass vulnerability allows arbitrary CIP command execution.\", \n  \"Content\": \"CVE ID : CVE-2024-6242 \nPublished : Aug. 1, 2024, 4:15 p.m. | 25\u00a0minutes ago \nDescription : A vulnerability exists in Rockwell Automation affected products that allows a threat actor to bypass the Trusted\u00ae Slot feature in a ControlLogix\u00ae controller. If exploited on any affected module in a 1756 chassis, a threat actor could potentially execute CIP commands that modify user projects and/or device configuration on a Logix controller in the chassis. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-01T18:46:15.000000Z"}, {"uuid": "e0b3c8c5-ce9c-46fa-bd69-95d773fdba44", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6242", "type": "seen", "source": "Telegram/FAwXDSy9VUTKQUdDt5rZCvLdl8rfdvsIligH9KRU2600WA", "content": "", "creation_timestamp": "2024-08-05T10:31:43.000000Z"}, {"uuid": "7b31f8d5-a770-4eac-92e4-ffce470e1608", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6242", "type": "seen", "source": "https://t.me/tengkorakcybercrewz/3288", "content": "The Hacker News\nCritical Flaw in Rockwell Automation Devices Allows Unauthorized Access\n\nA high-severity security bypass vulnerability has been disclosed in Rockwell Automation ControlLogix 1756 devices that could be exploited to execute common industrial protocol (CIP) programming and configuration commands.\nThe flaw, which is assigned the CVE identifier CVE-2024-6242, carries a CVSS v3.1 score of 8.4.\n\"A vulnerability exists in the affected products that allows a threat actor to", "creation_timestamp": "2024-08-05T08:34:20.000000Z"}, {"uuid": "1b9c499d-05b0-4263-a234-d80668b9b586", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6242", "type": "seen", "source": "Telegram/deQJVclTVY0HC-xdanbX1SPsvV8Vn8MX0cT1MOnYBp8QO_I", "content": "", "creation_timestamp": "2024-08-03T23:49:04.000000Z"}, {"uuid": "cd737a3c-c31b-4315-b1ed-1b80a3e56ef0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6242", "type": "seen", "source": "https://t.me/information_security_channel/52670", "content": "Security Bypass Vulnerability Found in Rockwell Automation Logix Controllers\u00a0\nhttps://www.securityweek.com/security-bypass-vulnerability-found-in-rockwell-automation-logix-controllers/\n\nA high-severity security bypass vulnerability tracked as CVE-2024-6242 has been found and fixed in Rockwell Automation Logix controllers.\nThe post Security Bypass Vulnerability Found in Rockwell Automation Logix Controllers\u00a0 (https://www.securityweek.com/security-bypass-vulnerability-found-in-rockwell-automation-logix-controllers/) appeared first on SecurityWeek (https://www.securityweek.com/).", "creation_timestamp": "2024-08-02T14:21:30.000000Z"}, {"uuid": "8b88c694-383e-4ad8-adb6-a607eb869eda", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6242", "type": "seen", "source": "https://t.me/thehackernews/5362", "content": "A high-severity vulnerability (CVE-2024-6242) has been found in Rockwell Automation ControlLogix 1756 devices. \n \nExploiting this vulnerability could lead to unauthorized CIP commands, affecting device configurations and user projects. \n \nRead: https://thehackernews.com/2024/08/critical-flaw-in-rockwell-automation.html", "creation_timestamp": "2024-08-05T14:28:49.000000Z"}, {"uuid": "2d6bbeed-dcee-42eb-9726-c84e6ce10dbb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6242", "type": "published-proof-of-concept", "source": "https://t.me/Rootsec_2/3728", "content": "#SCADA_Security\nBypassing Rockwell Automation Logix Controllers\u2019 Local Chassis Security Protection (CVE-2024-6242)\nhttps://claroty.com/team82/research/bypassing-rockwell-automation-logix-controllers-local-chassis-security-protection", "creation_timestamp": "2024-08-18T14:34:49.000000Z"}]}