Tag
FortiBleed Campaign: 73,932 FortiGate Systems Credentials Exposed
3 rules 9 TTPs 1 IOCA Russian-speaking threat group utilized a large dataset of administrative and VPN credentials, likely sourced from exposed FortiGate configuration files and active credential harvesting, to access government, critical infrastructure, and multinational corporate networks, resulting in widespread data exfiltration.
Hitachi Energy GMS600 Vulnerable to Bleichenbacher Attack via CVE-2022-4304
2 rules 1 TTP 1 CVEHitachi Energy GMS600 versions 1.3.0 and 1.3.1 are affected by CVE-2022-4304, a vulnerability in the OpenSSL RSA Decryption implementation; an attacker could exploit this timing-based side channel to recover plaintext across a network in a Bleichenbacher-style attack by sending trial messages to the server and recording processing times, eventually decrypting application data.
Siemens SIPROTEC 5 Insufficient Session ID Randomness Leads to Session Hijacking (CVE-2024-54017)
2 rules 1 TTP 1 CVESiemens SIPROTEC 5 devices are vulnerable to session hijacking (CVE-2024-54017) due to the use of insufficiently random numbers in session identifier generation, potentially allowing an unauthenticated remote attacker to brute-force a valid session and gain unauthorized read access.
ABB Edgenius Management Portal Authentication Bypass Vulnerability
2 rules 1 TTP 1 CVEAn authentication bypass vulnerability in ABB Edgenius Management Portal versions 3.2.0.0 and 3.2.1.1 allows attackers to execute arbitrary code and modify application configurations by sending a specially crafted message to the system node.