Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-12512PUBLISHED: 2021-01-22Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated reflected POST Cross-Site Scripting
CVE-2020-12513PUBLISHED: 2021-01-22Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated blind OS Command Injection.
CVE-2020-12514PUBLISHED: 2021-01-22Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a NULL Pointer Dereference that leads to a DoS in discoveryd
CVE-2020-12525PUBLISHED: 2021-01-22M&M Software fdtCONTAINER Component in versions below 3.5.20304.x and between 3.6 and 3.6.20304.x is vulnerable to deserialization of untrusted data in its project storage.
CVE-2020-12511PUBLISHED: 2021-01-22Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a Cross-Site Request Forgery (CSRF) in the web interface.
User Rank: Apprentice
2/17/2019 | 1:26:23 AM
How did I engage? I tried to help a friend, inserted my usb stick, turned on the internet as it was needed for my action and Gradcrab 5.1 activated.
I didn't realize it until I noticed that some files from my usb stick changed names.
I was also amazed by the led of usb stick running wild after turning internet on. I knew something was wrong. That was the crypting doing its job.
In 3 minutes the entire folders with txt, docs and zip files were damaged / encrypted.
Luckly I had backups and so my friend, but one thing is obvious: Windows Defender defended NOTHING.
Other systems from same place with Bitdefender installed with Antiransomware and preboot options active were protected.
This is not advertising to this AV provider, it's just a happy case with one damaged computer from 7.
We saved some encrypted files for future use and see if any decryptor will help, but it will be at least 6 months until one will be public.
Thank you