When affected products receive a valid CIP message (Reset) from an unauthorized or unintended source to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP that instructs the product to reset, may occur a DoS.

A command injection vulnerability has been reported in Electron. The vulnerability is due to application compiled with Electron improperly validating user supplied inputs.

Multiple connection attempts from the same source address to the same destination address in a short amount of time are a sign of a brute force attempt. 

The Meterpreter shell was set to use either a reverse HTTP(S) or reverse TCP connection. A reverse connection is one that comes from the compromised host to the C2 server.

Threat Encyclopedia

1234414

ICS Rockwell Automation EtherNet IP CIP ControlLogix Ethernet Reset (CVE-2012-6442)

High

2024/09/26

1134491

WEB Electron setAsDefaultProtocolClient Command Injection -1.1 (CVE-2018-1000006)

High

2024/09/26

1134460

WEB ONVIF Brute Force Login

High

2024/09/26

1134453

MISC Meterpreter Java Payload Delivery

High

2024/09/26