Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-21395PUBLISHED: 2023-01-27
Magneto LTS (Long Term Support) is a community developed alternative to the Magento CE official releases. Versions prior to 19.4.22 and 20.0.19 are vulnerable to Cross-Site Request Forgery. The password reset form is vulnerable to CSRF between the time the reset password link is clicked and user sub...
CVE-2022-48070PUBLISHED: 2023-01-27Phicomm K2 v22.6.534.263 was discovered to contain a command injection vulnerability via the autoUpTime parameter in the automatic upgrade function.
CVE-2022-48071PUBLISHED: 2023-01-27Phicomm K2 v22.6.534.263 was discovered to store the root and admin passwords in plaintext.
CVE-2022-48072PUBLISHED: 2023-01-27Phicomm K2G v22.6.3.20 was discovered to contain a command injection vulnerability via the autoUpTime parameter in the automatic upgrade function.
CVE-2022-48073PUBLISHED: 2023-01-27Phicomm K2 v22.6.534.263 was discovered to store the root and admin passwords in plaintext.
User Rank: Ninja
6/25/2019 | 10:53:56 AM
Write-Host " "
Write-Host "Block Triton ICS Port 39929"
Write-Host "-------------------------------"
$Name = "Triton-ICS-Attack-Port-39929"
$Triton = (Get-NetFirewallRule -DisplayName $Name)
$TPort = (Get-NetFirewallrule -DisplayName $Name | Get-NetFirewallPortFilter).LocalPort
if ( ( ($Triton).DisplayName -eq $Name) -And ($TPort -eq 39929) ) {
Write-Host $Name "exists - ok"
} else {
New-Netfirewallrule -Action Block -Enabled True -Direction Inbound -LocalPort 39929 -RemoteAddress Localsubnet -Name $Name -Profile Any -Protocol TCP -DisplayName $Name -RemotePort Any -Description "Triton-ICS-Attack-Port-39929"
Get-NetFirewallRule -Name $Name
}
Antivirus Entry - Go to antivirus and program the software to look for "imain.bin, inject.bin and trilog.exe". Also, I recommend using Comodo HIDS or other software solutions that initiate system baselines. If the system identifies any changes, then the application would stop the file from executing if it was considered nefarious.
From a linux standpoint:
iptables -I INPUT 1 -p tcp -m multiport --dport 39929 -m conntrack --ctstate NEW,ESTABLISHED -j DROP (iptables FW that tracks and Drops the port)
or
ufw allow in proto tcp from 0.0.0.0/0 to 0.0.0.0 port 39929 comment "Triton Blocked Port" (UFW Firewall Entry)
Download chkrootkit and/or rkhunter on the Linux/Unix machines to help find this potential problem.
Todd S,
Enterprise Architect
https://itotsnetworks.com