update for ignition_rce / CVE-2020-12000
This commit is contained in:
parent
7223e67209
commit
93cb49c545
74
CVE_VULN_FEED/CVE-2020-12000-ignition_rce/README.md
Normal file
@ -0,0 +1,74 @@
|
||||
|
||||
|
||||
|
||||

|
||||
|
||||
##
|
||||
|
||||
|
||||
## Details and Analytics for ignition_rce / CVE-2020-12000
|
||||
|
||||
- [NIST on CVE-2020-12000](https://nvd.nist.gov/vuln/detail/CVE-2020-12000)
|
||||
- [Alert](alert_text.md) - Notes to that alert
|
||||
- [Summary](summary.md): asn/country/network - based summary
|
||||
- [Data](data) - all data, separated by country
|
||||
|
||||
The lists are generated based on combined shodan/OSINT-Queries.
|
||||
|
||||
If we detect a certain CVE with ( CVSS > 8 AND Remote AND Unauthenticated AND
|
||||
(RCE OR PriviledgeEscalation OR FileAccess) or exploits going around,
|
||||
we check if there is a posibility to catch all effected hosts/IPs
|
||||
that could be prone of attacks/exploitation, via shodan and OSINT.
|
||||
|
||||
in a second step we analyse affected IPs and generate ASN/Country-Attribution
|
||||
that will be placed in [data](data)
|
||||
|
||||
|
||||
## Detail - Format (file and content)
|
||||
|
||||
- files are plaintext
|
||||
- file_names are generated by CVE + country [CN]
|
||||
|
||||
-> CVE-20202-XXXX/CVE-2020-XXXXX-[CN].list
|
||||
|
||||
|
||||
file_content:
|
||||
|
||||
~~~
|
||||
|
||||
Country: CZ
|
||||
|
||||
147.228.XX.YY | ASN. 2852 | CESNET2, CZ
|
||||
147.228.XX.YY | ASN. 2852 | CESNET2, CZ
|
||||
195.113.20.168 | ASN. 2852 | CESNET2, CZ
|
||||
78.128.216.72 | ASN. 2852 | CESNET2, CZ
|
||||
193.85.156.216 | ASN. 5588 | GTSCE GTS Central Europe / Antel Germany, CZ
|
||||
193.85.156.216 | ASN. 5588 | GTSCE GTS Central Europe / Antel Germany, CZ
|
||||
193.85.156.216 | ASN. 5588 | GTSCE GTS Central Europe / Antel Germany, CZ
|
||||
193.85.156.216 | ASN. 5588 | GTSCE GTS Central Europe / Antel Germany, CZ
|
||||
62.24.71.164 | ASN. 6830 | LGI-UPC formerly known as UPC Broadband Holding B.V., AT
|
||||
62.24.71.164 | ASN. 6830 | LGI-UPC formerly known as UPC Broadband Holding B.V., AT
|
||||
62.24.71.164 | ASN. 6830 | LGI-UPC formerly known as UPC Broadband Holding B.V., AT
|
||||
62.24.71.164 | ASN. 6830 | LGI-UPC formerly known as UPC Broadband Holding B.V., AT
|
||||
88.208.109.196 | ASN. 29208 | DIALTELECOM-AS Dial Telecom a.s., SK
|
||||
88.208.109.196 | ASN. 29208 | DIALTELECOM-AS Dial Telecom a.s., SK
|
||||
95.47.178.94 | ASN. 60296 | METRONET-AS, SK
|
||||
|
||||
|
||||
~~~
|
||||
|
||||
|
||||
## Remarks
|
||||
|
||||
please note:
|
||||
- found IPs might contain False-Positives and miss False Negatives
|
||||
- Country/ASN-Attribution might not be correct
|
||||
|
||||
|
||||
- [Traffic Light Protocol (TLP) Definitions and Usage](https://www.us-cert.gov/tlp)
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
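Review bot: The file-name pattern in the "Detail - Format" section (`-> CVE-20202-XXXX/CVE-2020-XXXXX-[CN].list`) does not match what this commit produces: the year is misspelled as 20202, the two placeholders have different digit counts, and the directory added here is named CVE-2020-12000-ignition_rce. The sample file_content also differs from the per-country hunks later in this commit, which start with "Country: AU / ignition_rce CVE-2020-12000" followed by a "Total IPs:" line, and the sample under "Country: CZ" contains repeated rows and rows whose network name ends in AT or SK. Suggest regenerating the sample from a real output file, masking every sample address the same way (only the first two rows use XX.YY), closing the parenthesis in the selection rule so the precedence of "or exploits going around" is clear, and rewording "might contain False-Positives and miss False Negatives" to say that false positives may be included and vulnerable hosts may be missed. The README links the TLP definitions but the visible text never states which TLP level applies to the lists; state it next to the link.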
16
CVE_VULN_FEED/CVE-2020-12000-ignition_rce/alert_text.md
Normal file
@ -0,0 +1,16 @@
|
||||
"Ignition" from Inductive Automation, which is used in
|
||||
energy/critical manufacturing industries, has some
|
||||
serious RCE - vulns with CVSS 9.8
|
||||
(CVE-2020-10644, CVE-2020-12000 )
|
||||
|
||||
|
||||
we found various IPs in your ORG/ASN,
|
||||
matching criteria for possible vulnerable systems
|
||||
|
||||
please find a list of affected IPs below
|
||||
and more information on that problem here:
|
||||
|
||||
- https://www.us-cert.gov/ics/advisories/icsa-20-147-01
|
||||
|
||||
|
||||
|
||||
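Review bot: The alert body names both CVE-2020-10644 and CVE-2020-12000, but the feed directory and every list header in this commit are labelled only ignition_rce / CVE-2020-12000, so a recipient cannot tell which finding applies to their hosts. The line "matching criteria for possible vulnerable systems" also leaves the criteria unstated and drops the README caveat that results may be false positives and that Country/ASN attribution might not be correct. Suggest stating that the match comes from the combined shodan/OSINT queries rather than a confirmed vulnerable version, and asking the recipient to verify their systems against the linked advisory.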
@ -0,0 +1,6 @@
|
||||
|
||||
Country: AU / ignition_rce CVE-2020-12000
|
||||
Total IPs: 2
|
||||
|
||||
110.143.123.233 | ASN. 1221 | ASN-TELSTRA Telstra Corporation Ltd, AU
|
||||
123.209.75.30 | ASN. 1221 | ASN-TELSTRA Telstra Corporation Ltd, AU
|
||||
@ -0,0 +1,6 @@
|
||||
|
||||
Country: CA / ignition_rce CVE-2020-12000
|
||||
Total IPs: 2
|
||||
|
||||
173.183.208.189 | ASN. 852 | ASN852, CA
|
||||
50.99.132.75 | ASN. 852 | ASN852, CA
|
||||
@ -0,0 +1,5 @@
|
||||
|
||||
Country: CR / ignition_rce CVE-2020-12000
|
||||
Total IPs: 1
|
||||
|
||||
190.171.118.33 | ASN. 52263 | Telecable Economico S.A., CR
|
||||
@ -0,0 +1,5 @@
|
||||
|
||||
Country: EC / ignition_rce CVE-2020-12000
|
||||
Total IPs: 1
|
||||
|
||||
181.188.193.140 | ASN. 19114 | Otecel S.A., EC
|
||||
@ -0,0 +1,5 @@
|
||||
|
||||
Country: ES / ignition_rce CVE-2020-12000
|
||||
Total IPs: 1
|
||||
|
||||
212.81.145.181 | ASN. 3262 | SARENET, ES
|
||||
@ -0,0 +1,5 @@
|
||||
|
||||
Country: FI / ignition_rce CVE-2020-12000
|
||||
Total IPs: 1
|
||||
|
||||
37.136.31.163 | ASN. 16086 | DNA, FI
|
||||
@ -0,0 +1,6 @@
|
||||
|
||||
Country: FR / ignition_rce CVE-2020-12000
|
||||
Total IPs: 2
|
||||
|
||||
62.210.8.246 | ASN. 12876 | Online SAS, FR
|
||||
93.0.91.75 | ASN. 15557 | LDCOMNET, FR
|
||||
@ -0,0 +1,5 @@
|
||||
|
||||
Country: GB / ignition_rce CVE-2020-12000
|
||||
Total IPs: 1
|
||||
|
||||
62.121.17.220 | ASN. 8607 | TIMICO United Kingdom, GB
|
||||
@ -0,0 +1,5 @@
|
||||
|
||||
Country: GR / ignition_rce CVE-2020-12000
|
||||
Total IPs: 1
|
||||
|
||||
94.65.44.55 | ASN. 6799 | OTENET-GR Athens - Greece, GR
|
||||
@ -0,0 +1,13 @@
|
||||
|
||||
Country: IN / ignition_rce CVE-2020-12000
|
||||
Total IPs: 9
|
||||
|
||||
175.101.25.107 | ASN. 17754 | EXCELL-AS Excellmedia, IN
|
||||
125.18.250.73 | ASN. 9498 | BBIL-AP BHARTI Airtel Ltd., IN
|
||||
182.71.154.170 | ASN. 9498 | BBIL-AP BHARTI Airtel Ltd., IN
|
||||
117.239.200.115 | ASN. 9829 | BSNL-NIB National Internet Backbone, IN
|
||||
59.90.148.174 | ASN. 9829 | BSNL-NIB National Internet Backbone, IN
|
||||
59.90.85.56 | ASN. 9829 | BSNL-NIB National Internet Backbone, IN
|
||||
59.96.188.137 | ASN. 9829 | BSNL-NIB National Internet Backbone, IN
|
||||
61.1.153.202 | ASN. 9829 | BSNL-NIB National Internet Backbone, IN
|
||||
61.1.153.235 | ASN. 9829 | BSNL-NIB National Internet Backbone, IN
|
||||
@ -0,0 +1,5 @@
|
||||
|
||||
Country: PA / ignition_rce CVE-2020-12000
|
||||
Total IPs: 1
|
||||
|
||||
186.72.245.45 | ASN. 11556 | Cable & Wireless Panama, PA
|
||||
@ -0,0 +1,5 @@
|
||||
|
||||
Country: PL / ignition_rce CVE-2020-12000
|
||||
Total IPs: 1
|
||||
|
||||
89.161.148.173 | ASN. 12824 | HOMEPL-AS, PL
|
||||
@ -0,0 +1,5 @@
|
||||
|
||||
Country: PT / ignition_rce CVE-2020-12000
|
||||
Total IPs: 1
|
||||
|
||||
89.115.221.39 | ASN. 12353 | VODAFONE-PT Vodafone Portugal, PT
|
||||
@ -0,0 +1,5 @@
|
||||
|
||||
Country: UA / ignition_rce CVE-2020-12000
|
||||
Total IPs: 1
|
||||
|
||||
178.210.128.3 | ASN. 49984 | TELCOM-UA-AS, UA
|
||||
@ -0,0 +1,49 @@
|
||||
|
||||
Country: US / ignition_rce CVE-2020-12000
|
||||
Total IPs: 45
|
||||
|
||||
24.230.114.238 | ASN. 11232 | MIDCO-NET, US
|
||||
34.232.208.35 | ASN. 14618 | AMAZON-AES, US
|
||||
52.20.213.253 | ASN. 14618 | AMAZON-AES, US
|
||||
54.174.13.45 | ASN. 14618 | AMAZON-AES, US
|
||||
35.203.36.253 | ASN. 15169 | GOOGLE, US
|
||||
13.237.187.240 | ASN. 16509 | AMAZON-02, US
|
||||
3.133.54.56 | ASN. 16509 | AMAZON-02, US
|
||||
3.135.185.249 | ASN. 16509 | AMAZON-02, US
|
||||
34.209.196.65 | ASN. 16509 | AMAZON-02, US
|
||||
34.219.154.175 | ASN. 16509 | AMAZON-02, US
|
||||
52.13.116.56 | ASN. 16509 | AMAZON-02, US
|
||||
52.14.145.139 | ASN. 16509 | AMAZON-02, US
|
||||
52.34.224.161 | ASN. 16509 | AMAZON-02, US
|
||||
54.200.46.222 | ASN. 16509 | AMAZON-02, US
|
||||
54.241.97.148 | ASN. 16509 | AMAZON-02, US
|
||||
216.177.188.41 | ASN. 16527 | GVTCINTERNET, US
|
||||
172.116.248.33 | ASN. 20001 | TWC-20001-PACWEST, US
|
||||
107.80.220.135 | ASN. 20057 | ATT-MOBILITY-LLC-AS20057, US
|
||||
140.82.8.68 | ASN. 20473 | AS-CHOOPA, US
|
||||
149.248.32.98 | ASN. 20473 | AS-CHOOPA, US
|
||||
166.153.80.170 | ASN. 22394 | CELLCO, US
|
||||
166.161.193.116 | ASN. 22394 | CELLCO, US
|
||||
166.169.77.195 | ASN. 22394 | CELLCO, US
|
||||
166.239.216.206 | ASN. 22394 | CELLCO, US
|
||||
63.41.62.57 | ASN. 22394 | CELLCO, US
|
||||
98.175.70.171 | ASN. 22773 | ASN-CXA-ALL-CCI-22773-RDC, US
|
||||
204.153.129.226 | ASN. 23175 | POGOZONE, US
|
||||
199.27.156.158 | ASN. 23546 | DELCOM-ASN, US
|
||||
38.92.132.102 | ASN. 27029 | SJE-INC, US
|
||||
38.92.132.103 | ASN. 27029 | SJE-INC, US
|
||||
38.92.132.115 | ASN. 27029 | SJE-INC, US
|
||||
38.92.132.93 | ASN. 27029 | SJE-INC, US
|
||||
104.254.129.66 | ASN. 29802 | HVC-AS, US
|
||||
208.117.41.145 | ASN. 32748 | STEADFAST, US
|
||||
167.142.57.82 | ASN. 5056 | AUREON-5056, US
|
||||
108.160.149.44 | ASN. 63410 | PRIVATESYSTEMS, US
|
||||
2600:3c00::f03c:91ff:fe94:246c | ASN. 63949 | LINODE-AP Linode, LLC, US
|
||||
12.201.110.179 | ASN. 7018 | ATT-INTERNET4, US
|
||||
199.87.89.15 | ASN. 7018 | ATT-INTERNET4, US
|
||||
98.23.98.30 | ASN. 7029 | WINDSTREAM, US
|
||||
13.77.42.180 | ASN. 8075 | MICROSOFT-CORP-MSN-AS-BLOCK, US
|
||||
13.85.70.138 | ASN. 8075 | MICROSOFT-CORP-MSN-AS-BLOCK, US
|
||||
52.168.87.68 | ASN. 8075 | MICROSOFT-CORP-MSN-AS-BLOCK, US
|
||||
52.183.124.107 | ASN. 8075 | MICROSOFT-CORP-MSN-AS-BLOCK, US
|
||||
52.226.37.165 | ASN. 8075 | MICROSOFT-CORP-MSN-AS-BLOCK, US
|
||||
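Review bot: Rows in the US list are ordered by ASN as a string, not as a number: 63949 is followed by 7018, 7029 and 8075, and 5056 sits between 32748 and 63410. Suggest a numeric sort on the ASN column with a fixed secondary sort on the address, so regenerated lists diff cleanly. The list also mixes one IPv6 entry (2600:3c00::f03c:91ff:fe94:246c) into otherwise IPv4 rows under a single "Total IPs: 45"; the README format section should say that both address families can appear, since anything parsing the first column has to handle both.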
144
CVE_VULN_FEED/CVE-2020-12000-ignition_rce/summary.md
Normal file
@ -0,0 +1,144 @@
|
||||
|
||||
|
||||
~~~
|
||||
|
||||
SUMMARY for ignition_rce / CVE-2020-12000
|
||||
|
||||
IPs : 70
|
||||
Networks : 62
|
||||
ASNs : 38
|
||||
Countries : 15
|
||||
|
||||
|
||||
Top 100 ASNs
|
||||
|
||||
ASN_NR | Count | ASNName
|
||||
----------+--------+-----------------------------------
|
||||
16509 | 10 | AMAZON-02, US
|
||||
9829 | 6 | BSNL-NIB National Internet Backbone, IN
|
||||
8075 | 5 | MICROSOFT-CORP-MSN-AS-BLOCK, US
|
||||
22394 | 5 | CELLCO, US
|
||||
27029 | 4 | SJE-INC, US
|
||||
14618 | 3 | AMAZON-AES, US
|
||||
9498 | 2 | BBIL-AP BHARTI Airtel Ltd., IN
|
||||
1221 | 2 | ASN-TELSTRA Telstra Corporation Ltd, AU
|
||||
852 | 2 | ASN852, CA
|
||||
20473 | 2 | AS-CHOOPA, US
|
||||
7018 | 2 | ATT-INTERNET4, US
|
||||
16527 | 1 | GVTCINTERNET, US
|
||||
20001 | 1 | TWC-20001-PACWEST, US
|
||||
5056 | 1 | AUREON-5056, US
|
||||
12353 | 1 | VODAFONE-PT Vodafone Portugal, PT
|
||||
15557 | 1 | LDCOMNET, FR
|
||||
11232 | 1 | MIDCO-NET, US
|
||||
22773 | 1 | ASN-CXA-ALL-CCI-22773-RDC, US
|
||||
16086 | 1 | DNA, FI
|
||||
23175 | 1 | POGOZONE, US
|
||||
23546 | 1 | DELCOM-ASN, US
|
||||
63410 | 1 | PRIVATESYSTEMS, US
|
||||
29802 | 1 | HVC-AS, US
|
||||
8607 | 1 | TIMICO United Kingdom, GB
|
||||
12876 | 1 | Online SAS, FR
|
||||
6799 | 1 | OTENET-GR Athens - Greece, GR
|
||||
63949 | 1 | LINODE-AP Linode, LLC, US
|
||||
19114 | 1 | Otecel S.A., EC
|
||||
12824 | 1 | HOMEPL-AS, PL
|
||||
52263 | 1 | Telecable Economico S.A., CR
|
||||
17754 | 1 | EXCELL-AS Excellmedia, IN
|
||||
11556 | 1 | Cable & Wireless Panama, PA
|
||||
49984 | 1 | TELCOM-UA-AS, UA
|
||||
7029 | 1 | WINDSTREAM, US
|
||||
15169 | 1 | GOOGLE, US
|
||||
3262 | 1 | SARENET, ES
|
||||
32748 | 1 | STEADFAST, US
|
||||
20057 | 1 | ATT-MOBILITY-LLC-AS20057, US
|
||||
|
||||
Top 100 Countries
|
||||
Country | Count
|
||||
--------+-----------
|
||||
US | 45
|
||||
IN | 9
|
||||
AU | 2
|
||||
FR | 2
|
||||
CA | 2
|
||||
UA | 1
|
||||
PT | 1
|
||||
GR | 1
|
||||
PA | 1
|
||||
CR | 1
|
||||
FI | 1
|
||||
EC | 1
|
||||
PL | 1
|
||||
ES | 1
|
||||
GB | 1
|
||||
|
||||
Top 100 Networks
|
||||
NW | Count | NetworkName
|
||||
------------------+--------+-----------------------------------
|
||||
38.92.132.0/24 | 4 | SJE-INC, US
|
||||
34.208.0.0/12 | 2 | AMAZON-02, US
|
||||
61.1.144.0/20 | 2 | BSNL-NIB National Internet Backbone, IN
|
||||
13.64.0.0/11 | 2 | MICROSOFT-CORP-MSN-AS-BLOCK, US
|
||||
52.160.0.0/11 | 2 | MICROSOFT-CORP-MSN-AS-BLOCK, US
|
||||
3.132.0.0/14 | 2 | AMAZON-02, US
|
||||
117.239.192.0/20 | 1 | BSNL-NIB National Internet Backbone, IN
|
||||
34.224.0.0/12 | 1 | AMAZON-AES, US
|
||||
59.96.176.0/20 | 1 | BSNL-NIB National Internet Backbone, IN
|
||||
52.32.0.0/14 | 1 | AMAZON-02, US
|
||||
108.160.148.0/22 | 1 | PRIVATESYSTEMS, US
|
||||
178.210.128.0/19 | 1 | TELCOM-UA-AS, UA
|
||||
181.188.192.0/20 | 1 | Otecel S.A., EC
|
||||
190.171.96.0/19 | 1 | Telecable Economico S.A., CR
|
||||
37.136.0.0/16 | 1 | DNA, FI
|
||||
123.209.0.0/16 | 1 | ASN-TELSTRA Telstra Corporation Ltd, AU
|
||||
125.18.240.0/20 | 1 | BBIL-AP BHARTI Airtel Ltd., IN
|
||||
52.224.0.0/11 | 1 | MICROSOFT-CORP-MSN-AS-BLOCK, US
|
||||
212.81.128.0/17 | 1 | SARENET, ES
|
||||
104.254.129.0/24 | 1 | HVC-AS, US
|
||||
166.161.192.0/18 | 1 | CELLCO, US
|
||||
166.169.0.0/16 | 1 | CELLCO, US
|
||||
216.177.160.0/19 | 1 | GVTCINTERNET, US
|
||||
62.121.0.0/19 | 1 | TIMICO United Kingdom, GB
|
||||
94.65.0.0/16 | 1 | OTENET-GR Athens - Greece, GR
|
||||
166.153.0.0/16 | 1 | CELLCO, US
|
||||
204.153.128.0/22 | 1 | POGOZONE, US
|
||||
93.0.0.0/14 | 1 | LDCOMNET, FR
|
||||
172.112.0.0/13 | 1 | TWC-20001-PACWEST, US
|
||||
186.72.0.0/16 | 1 | Cable & Wireless Panama, PA
|
||||
54.200.0.0/15 | 1 | AMAZON-02, US
|
||||
208.117.0.0/18 | 1 | STEADFAST, US
|
||||
166.239.192.0/18 | 1 | CELLCO, US
|
||||
140.82.0.0/20 | 1 | AS-CHOOPA, US
|
||||
199.87.88.0/21 | 1 | ATT-INTERNET4, US
|
||||
13.236.0.0/14 | 1 | AMAZON-02, US
|
||||
182.71.154.0/24 | 1 | BBIL-AP BHARTI Airtel Ltd., IN
|
||||
149.248.32.0/20 | 1 | AS-CHOOPA, US
|
||||
175.101.25.0/24 | 1 | EXCELL-AS Excellmedia, IN
|
||||
107.80.128.0/17 | 1 | ATT-MOBILITY-LLC-AS20057, US
|
||||
2600:3c00::/32 | 1 | LINODE-AP Linode, LLC, US
|
||||
98.16.0.0/13 | 1 | WINDSTREAM, US
|
||||
199.27.156.0/24 | 1 | DELCOM-ASN, US
|
||||
52.12.0.0/15 | 1 | AMAZON-02, US
|
||||
110.143.0.0/16 | 1 | ASN-TELSTRA Telstra Corporation Ltd, AU
|
||||
54.241.0.0/17 | 1 | AMAZON-02, US
|
||||
89.161.128.0/17 | 1 | HOMEPL-AS, PL
|
||||
35.200.0.0/14 | 1 | GOOGLE, US
|
||||
52.14.0.0/16 | 1 | AMAZON-02, US
|
||||
50.99.0.0/16 | 1 | ASN852, CA
|
||||
12.128.0.0/9 | 1 | ATT-INTERNET4, US
|
||||
98.175.70.0/23 | 1 | ASN-CXA-ALL-CCI-22773-RDC, US
|
||||
59.90.144.0/20 | 1 | BSNL-NIB National Internet Backbone, IN
|
||||
59.90.80.0/21 | 1 | BSNL-NIB National Internet Backbone, IN
|
||||
167.142.0.0/16 | 1 | AUREON-5056, US
|
||||
54.174.0.0/15 | 1 | AMAZON-AES, US
|
||||
89.114.0.0/15 | 1 | VODAFONE-PT Vodafone Portugal, PT
|
||||
62.210.0.0/16 | 1 | Online SAS, FR
|
||||
173.183.128.0/17 | 1 | ASN852, CA
|
||||
52.20.0.0/14 | 1 | AMAZON-AES, US
|
||||
63.41.0.0/16 | 1 | CELLCO, US
|
||||
24.230.64.0/18 | 1 | MIDCO-NET, US
|
||||
|
||||
|
||||
~~~
|
||||
|
||||
|
||||
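Review bot: The three tables are headed "Top 100" but hold 38, 15 and 62 rows, and rows with the same count appear in no recognisable order (for example 16527, 20001, 5056, 12353 among the count-1 ASNs), so a regenerated summary.md may reshuffle them and produce noisy diffs. Suggest a deterministic tie-break (count descending, then ASN or prefix ascending) and either dropping "Top 100" or printing the actual number of rows. The separator rules are also narrower than entries such as "BSNL-NIB National Internet Backbone, IN"; widen them or rely on the "|" delimiter alone so the block stays easy to parse.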
Binary data
CVE_VULN_FEED/CVE-2020-12000-ignition_rce/tlp_amber.png
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 2.9 KiB |