This release contains six new rules, 13 new shared object rules and four modified rules.
Thursday's release provides protection against a series of vulnerabilities and exploits targeted toward Industrial Control Systems. Security researchers recently discovered 12 bugs in products from three different companies that could allow an attacker to take over SCADA software belonging to vital infrastructures such as water and power suppliers.
Talos has added and modified multiple rules in the file-other, malware-cnc and server-webapp rule sets to provide coverage for emerging threats from these technologies.
Here are several important rules we would like to highlight:
- 50779 - 50781: Rules 50780 and 50781 provide coverage for CVE-2019-6543 and CVE-2019-6545, two critical vulnerabilities in InduSoft Web Studio that could allow an attacker to execute arbitrary code on the victim machine using a specially crafted database connection configuration file. Successful exploitation of these vulnerabilities could allow a remote attacker to execute an arbitrary process using a specially crafted database connection configuration file. 50779 protects against CVE-2018-7809, which could allow an attacker to delete passwords on Schneider Electric's Modicon M340, Premium, Quantum PLCs and BMXNOR0200. Amit Raut wrote rule No. 50779 and Kristen Houser wrote rules 50780 and 50781.