Nozomi Networks Labs
Defending Critical Infrastructure Against Cyber Risk
Nozomi Networks Labs is dedicated to reducing cyber risk for the world’s industrial and critical infrastructure organizations. Through our cybersecurity research and collaboration with industry and institutions, we’re helping defend the operational systems that support everyday life.
Hitachi Energy Relion 670, 650 and SAM600-IO Series Buffer Overflow During Update Process – CVE-2022-3864
A vulnerability exists in the Relion update package signature validation. A tampered update package could cause the IED to restart. After restart the device is back to normal operation. An attacker could exploit the vulnerability by first gaining access to the system with security privileges and attempt to update the IED with a malicious update package. Successful exploitation of this vulnerability will cause the IED to restart, causing a temporary Denial of Service..
Sewio RTLS Studio Use of Hard-coded Password – CVE-2022-45444
Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 and later contains hard-coded passwords for select users in the application’s database. This could allow a remote attacker to login to the database with unrestricted access.
Sewio RTLS Studio Improper Input Validation – CVE-2022-43455
Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 is vulnerable to improper input validation of user input to the service_start, service_stop, and service_restart modules of the software. This could allow an attacker to start, stop, or restart arbitrary services running on the server.
Guardian Community Edition Assertions (Queries) for COVID-19 Cybersecurity
New assertions (queries) have been added to Guardian Community Edition to help with COVID-19-related cybersecurity challenges.
- Assertions for COVID-19 Network Indicators – Queries that check for communications with malicious IP addresses and URLs
- Assertions for Remote Access Monitoring – Queries that check the number of simultaneous remote connections and generate alerts if the number surpasses a threshold.
COVID-19 Malware: OT and IoT Threat Intelligence
To help your organization proactively detect and prevent COVID-19 themed cyberattacks, download our network indicators, ransomware and malware threat intelligence.
- COVID-19 themed Network Indicators – Network IOCs (Indicators of Compromise)
- COVID-19-Themed Ransomware Rules – Yara rules for detecting coronavirus ransomware
- COVID-19 Informer Malware Rules– Yara rules for detecting COVID-19 Informer malware
- COVID-19-Themed Hash – List of hashes that detect malicious files
- COVID-19 Chinoxy Backdoor Malware – SNORT rule for detecting network infection
URGENT/11 Nmap NSE Script for Detecting Vulnerabilities
- Our Nmap NSE script for detecting URGENT/11 vulnerabilities is a research tool for quickly checking industrial systems for vulnerable assets based on the version of VxWorks exposed within the FTP service.
- Due the fact that is not always possible to detect the running version, we recommend that industrial operators use full featured security products for effective vulnerability assessment.
Curated and maintained by Nozomi Networks Labs, the Threat Intelligence™ service provides threat and vulnerability updates to Guardian, making it easy for IT/OT professionals to stay on top of current OT and IoT risks.
Let's get started
Discover how easy it is to anticipate, diagnose and respond to cyber threats and process issues before they impact your operations.