Recent 07/30/2022

Timeline

Analysing the timeline helps to identify the required approach to, and handling of, single vulnerabilities and vulnerability collections. The overview makes it possible to see less important slices and more severe hotspots at a glance, so that immediate vulnerability response can be initiated and issues prioritized.

Type

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories and to determine the most affected software types.

Product

Velocidex Velociraptor: 4
Western Digital Sweet B Cryptographic Library: 4
Rockwell Automation ISaGRAF Workbench: 3
Autodesk Design Review: 3
AutomationDirect SIO-MB04ADS: 2

Grouping vulnerabilities by product helps to get an overview. This makes it possible to characterize a homogeneous landscape or to identify the most important hotspots in a heterogeneous one.

Remediation

Official Fix: 22
Temporary Fix: 0
Workaround: 0
Unavailable: 0
Not Defined: 13

Vendors and researchers are eager to find countermeasures that mitigate security vulnerabilities. These come in multiple forms and levels of remediation (official fix, temporary fix, workaround, or none available), which influence risk differently.

Exploitability

High: 0
Functional: 0
Proof-of-Concept: 0
Unproven: 0
Not Defined: 35

Researchers and attackers who look for security vulnerabilities try to exploit them, for academic purposes or for personal gain. The level and quality of exploitability (unproven, proof-of-concept, functional, high) can be distinguished to determine the simplicity and strength of attacks.

CVSSv3 Base

≤1: 0
≤2: 0
≤3: 0
≤4: 4
≤5: 3
≤6: 9
≤7: 10
≤8: 9
≤9: 0
≤10: 0

The Common Vulnerability Scoring System (CVSS) is an industry standard for describing the characteristics and impact of security vulnerabilities. The base score represents the intrinsic properties of a vulnerability that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable aggregate result.

CVSSv3 Temp

≤1: 0
≤2: 0
≤3: 0
≤4: 4
≤5: 3
≤6: 17
≤7: 4
≤8: 7
≤9: 0
≤10: 0

CVSS temporal (temp) scores reflect the characteristics of a vulnerability that may change over time but not across user environments: exploit code maturity (exploitability), remediation level and report confidence. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day

<1k: 8
<2k: 12
<5k: 11
<10k: 0
<25k: 4
<50k: 0
<100k: 0
≥100k: 0

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to estimate the 0-day price of an exploit, i.e. its price before it was distributed or became public. Calculated prices are aligned with prices disclosed by vulnerability brokers and compared with prices we see on exploit markets.

Exploit Today

<1k: 24
<2k: 5
<5k: 3
<10k: 1
<25k: 2
<50k: 0
<100k: 0
≥100k: 0

The 0-day prices do not consider time-dependent factors. The today price reflects price impacts such as disclosure of vulnerability details, alternative exploits and the availability of countermeasures. These dynamic aspects can decrease exploit prices over time, and under certain circumstances very quickly.

Created | Base | Temp | Vulnerability | 0-day price | Today price | Exploitability | Remediation | CTI | EPSS | CVE
22:24 | 6.3 | 6.0 | Rockwell Automation ISaGRAF Workbench deserialization | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | 0.01103 | CVE-2022-2465
22:24 | 6.3 | 6.0 | Rockwell Automation ISaGRAF Workbench path traversal | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00885 | CVE-2022-2464
22:23 | 6.3 | 6.0 | Rockwell Automation ISaGRAF Workbench 7z File path traversal | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00885 | CVE-2022-2463
22:20 | 3.7 | 3.6 | AutomationDirect SIO-MB04RTDS cleartext transmission | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.00000 | CVE-2022-2485
22:18 | 4.7 | 4.5 | Inductive Automation Ignition xml external entity reference | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00885 | CVE-2022-1704
19:31 | 7.5 | 7.2 | Moxa NPort 5110 out-of-bounds write | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.17 | 0.00000 | CVE-2022-2044
19:30 | 7.5 | 7.2 | Moxa NPort 5110 out-of-bounds write | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00000 | CVE-2022-2043
11:22 | 3.5 | 3.4 | Velocidex Velociraptor GUI cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.07 | 0.00885 | CVE-2022-35632
11:22 | 3.5 | 3.4 | Velocidex Velociraptor Collection Report cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00885 | CVE-2022-35630
11:21 | 6.3 | 6.3 | Trend Micro VPN Proxy Pro permission | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.11 | 0.00885 | CVE-2022-33158
11:21 | 5.5 | 5.3 | SonicWALL Hosted Email Security Capture ATP Security Service security check | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00885 | CVE-2022-2324
11:20 | 5.6 | 5.4 | Velocidex Velociraptor improper authentication | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00885 | CVE-2022-35629
11:19 | 6.3 | 6.0 | Trend Micro Apex One/Worry-Free Business Security link following | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.00885 | CVE-2022-36336
11:18 | 6.3 | 6.0 | Dogtag PKI XML Document Parser xml external entity reference | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.07 | 0.09029 | CVE-2022-2414
11:18 | 5.3 | 5.3 | Trend Micro Security 2021/Security 2022 out-of-bounds | $0-$5k | $0-$5k | Not Defined | Not Defined | 1.40 | 0.00885 | CVE-2022-35234
11:17 | 8.0 | 8.0 | EllieGrid App code injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.84 | 0.00885 | CVE-2022-30083
11:15 | 4.6 | 4.6 | Chia Network CAT1 Standard unknown vulnerability | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00885 | CVE-2022-36447
11:13 | 7.1 | 7.0 | D-Link DSL-3782 getAttrValue stack-based overflow | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.61 | 0.00885 | CVE-2022-34528
11:13 | 7.1 | 7.0 | D-Link DSL-3782 byte_4C0160 command injection | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.67 | 0.02055 | CVE-2022-34527
11:13 | 5.4 | 5.4 | Tiffsplit TIFF File _TIFFVGetField stack-based overflow | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.73 | 0.00885 | CVE-2022-34526
11:11 | 7.6 | 7.5 | HiBy R3 Pro unrestricted upload | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.78 | 0.00885 | CVE-2022-34496
11:09 | 6.3 | 6.0 | Autodesk Design Review TGA File DesignReview.exe out-of-bounds write | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.01036 | CVE-2022-27865
11:08 | 7.5 | 7.4 | Autodesk Design Review PDF File DesignReview.exe double free | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.73 | 0.01156 | CVE-2022-27864
11:06 | 5.3 | 5.2 | Western Digital Sweet B Cryptographic Library NIST P-256 Curve unknown vulnerability | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00885 | CVE-2022-23004
11:05 | 6.3 | 6.0 | Velocidex Velociraptor temp file | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.12 | 0.00885 | CVE-2022-35631
11:04 | 4.3 | 4.3 | HCL Remote Store Server insufficiently protected credentials | $0-$5k | $0-$5k | Not Defined | Not Defined | 1.00 | 0.00885 | CVE-2021-27785
11:03 | 6.3 | 6.0 | Autodesk Fusion360 HTTP Request access control | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00885 | CVE-2022-27873
10:56 | 7.0 | 6.9 | Autodesk Design Review TIFF File DesignReview.exe out-of-bounds | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.62 | 0.01036 | CVE-2022-27866
10:55 | 7.5 | 7.5 | SonicWALL Switch command injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.68 | 0.01156 | CVE-2022-2323
10:54 | 5.3 | 5.2 | Western Digital Sweet B Cryptographic Library NIST P-256 Curve unknown vulnerability | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | 0.00885 | CVE-2022-23003
10:53 | 5.3 | 5.2 | Western Digital Sweet B Cryptographic Library NIST P-256 Elliptic Curve unknown vulnerability | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.07 | 0.00885 | CVE-2022-23002
10:51 | 5.3 | 5.3 | Western Digital Sweet B Cryptographic Library Elliptic Curve calculation | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00885 | CVE-2022-23001
10:49 | 6.0 | 5.9 | Autodesk AutoCAD 2023 PRT File out-of-bounds | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.51 | 0.01036 | CVE-2022-33881
10:43 | 3.6 | 3.6 | PluginlySpeaking Floating Div Plugin cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00885 | CVE-2022-36378
10:41 | 8.0 | 8.0 | DedeCMS mytag_main.php mytag_ Privilege Escalation | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.73 | 0.01156 | CVE-2022-34531
