From 283ba1e9933ff4e35fa67f9de6b261e2b5a2a513 Mon Sep 17 00:00:00 2001
From: Chris Berkhout
Date: Thu, 19 Mar 2026 16:46:07 +0100
Subject: [PATCH 1/3] Remove the recommendations field from vulnerabilities requests.
---
 .../data_stream/vulnerability/agent/stream/cel.yml.hbs | 1 -
 .../data_stream/vulnerability/fields/fields.yml | 5 +----
 packages/claroty_xdome/docs/README.md | 1 -
 3 files changed, 1 insertion(+), 6 deletions(-)
diff --git a/packages/claroty_xdome/data_stream/vulnerability/agent/stream/cel.yml.hbs b/packages/claroty_xdome/data_stream/vulnerability/agent/stream/cel.yml.hbs
index 4d01fea441e..351c2cb4b34 100644
--- a/packages/claroty_xdome/data_stream/vulnerability/agent/stream/cel.yml.hbs
+++ b/packages/claroty_xdome/data_stream/vulnerability/agent/stream/cel.yml.hbs
@@ -66,7 +66,6 @@ program: |
 "source_url",
 "description",
 "affected_products",
- "recommendations",
 "is_known_exploited",
 "affected_devices_count",
 "affected_iot_devices_count",
diff --git a/packages/claroty_xdome/data_stream/vulnerability/fields/fields.yml b/packages/claroty_xdome/data_stream/vulnerability/fields/fields.yml
index f0b556a375c..6af7596f517 100644
--- a/packages/claroty_xdome/data_stream/vulnerability/fields/fields.yml
+++ b/packages/claroty_xdome/data_stream/vulnerability/fields/fields.yml
@@ -767,9 +767,6 @@
 - name: note
 type: keyword
 description: The notes added to the vulnerability.
- - name: recommendations
- type: keyword
- description: Actionable recommendations retrieved from the vendor, CERT advisory and the platform.Such as security updates, upgrades and additional Workarounds to minimize the risk.
 - name: type
 type: keyword
 description: Type such as "Application", "Clinical", "IoT" or "Platform".
@@ -829,4 +826,4 @@
 - name: id
 type: keyword
 - name: name
- type: keyword
\ No newline at end of file
+ type: keyword
diff --git a/packages/claroty_xdome/docs/README.md b/packages/claroty_xdome/docs/README.md
index 202fb72e0af..88d86685a32 100644
--- a/packages/claroty_xdome/docs/README.md
+++ b/packages/claroty_xdome/docs/README.md
@@ -1427,7 +1427,6 @@ An example event for `vulnerability` looks as following:
 | claroty_xdome.vulnerability.note | The notes added to the vulnerability. | keyword |
 | claroty_xdome.vulnerability.priority_group | The Vulnerability Priority Group can be used to prioritize vulnerabilities based on the suggested order of hierarchical groups, determined by each vulnerabilities impact, exploitability characteristics, relevance state and remediation information. Device filters dynamically change the groups. | keyword |
 | claroty_xdome.vulnerability.published_date | The date the vulnerability was published. | date |
-| claroty_xdome.vulnerability.recommendations | Actionable recommendations retrieved from the vendor, CERT advisory and the platform.Such as security updates, upgrades and additional Workarounds to minimize the risk. | keyword |
 | claroty_xdome.vulnerability.sources.name | | keyword |
 | claroty_xdome.vulnerability.sources.url | | keyword |
 | claroty_xdome.vulnerability.type | Type such as "Application", "Clinical", "IoT" or "Platform". | keyword |
From f66bc93ba9e701b37713bbad68ef5c6730546438 Mon Sep 17 00:00:00 2001
From: Chris Berkhout
Date: Thu, 19 Mar 2026 16:58:24 +0100
Subject: [PATCH 2/3] Version bump, changelog entry.
---
 packages/claroty_xdome/changelog.yml | 5 +++++
 packages/claroty_xdome/manifest.yml | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/packages/claroty_xdome/changelog.yml b/packages/claroty_xdome/changelog.yml
index 991444cf73e..cd20bba2d26 100644
--- a/packages/claroty_xdome/changelog.yml
+++ b/packages/claroty_xdome/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.0.2"
+ changes:
+ - description: Remove the recommendations field from vulnerabilities requests.
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/17907
 - version: "1.0.1"
 changes:
 - description: Downgrade the `format_version` to the minimum version that supports all the necessary features for the package.
diff --git a/packages/claroty_xdome/manifest.yml b/packages/claroty_xdome/manifest.yml
index b1586b29d12..6ed74277f49 100644
--- a/packages/claroty_xdome/manifest.yml
+++ b/packages/claroty_xdome/manifest.yml
@@ -1,6 +1,6 @@
 name: claroty_xdome
 title: "Claroty xDome"
-version: 1.0.1
+version: 1.0.2
 description: "Collect logs from Claroty xDome with Elastic Agent."
 type: integration
 format_version: 3.3.2
From d221f11e5b7f1239d15c7d1f652fdf3ca2fec4e3 Mon Sep 17 00:00:00 2001
From: Chris Berkhout
Date: Fri, 20 Mar 2026 11:41:40 +0100
Subject: [PATCH 3/3] Remove recommendations in existing pipeline test data because we no longer request that field.
---
 .../_dev/test/pipeline/test-vulnerability.log | 6 +++---
 .../test/pipeline/test-vulnerability.log-expected.json | 7 +++----
 2 files changed, 6 insertions(+), 7 deletions(-)
diff --git a/packages/claroty_xdome/data_stream/vulnerability/_dev/test/pipeline/test-vulnerability.log b/packages/claroty_xdome/data_stream/vulnerability/_dev/test/pipeline/test-vulnerability.log
index e9cda1acffe..09c39a11cfd 100644
--- a/packages/claroty_xdome/data_stream/vulnerability/_dev/test/pipeline/test-vulnerability.log
+++ b/packages/claroty_xdome/data_stream/vulnerability/_dev/test/pipeline/test-vulnerability.log
@@ -1,4 +1,4 @@ -{"vulnerability_last_updated":"2022-08-01","vulnerability_info":{"cvss_v3_vector_string":"CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N","cvss_v2_score":3.2,"cvss_v3_score":5.4,"epss_score":0.00133,"affected_devices_count":0,"affected_products":"- Windows 10 or 10 IoT - 1507, 1511, 1607, 1809, 1909, 2004, 20H2, 21H1, None\r\n- Windows 7 - SP1\r\n- Windows 8.1\r\n- Windows RT 8.1 \r\n- Windows Server 2008 R2 - SP1\r\n- Windows Server 2008 - SP2\r\n- Windows Server 2012\r\n- Windows Server 2012 R2\r\n- Windows Server 2016\r\n- Windows Server 2019\r\n- Windows Server, versions 1909, 2004, 20H2\r\n\r\nDomain controllers are affected if the print spooler service is enabled. The Authenticated Users group is nested in the Pre-Windows 2000 Compatible Access which is elevated and makes domain controllers vulnerable in default deployments.\r\n\r\n* Philips, Carestream, and GE published advisories that detail their affected devices:\r\n\t* Philips - https://www.philips.com/a-w/security/security-advisories.html#security_advisories\r\n\t* Carestream - https://www.carestream.com/en/us/-/media/publicsite/resources/service-and-support-publications/carestream-product-security-advsiory---print-nightmare.pdf?sc_lang=en\r\n\t* GE - https://www.gehealthcare.com/en-US/security","source_url":"https://localhost:8080/vulnerabilities/CVE-2020-26147","id":"APZMJRV","is_known_exploited":false,"sources":[{"url":"https://localhost:8080/vuln/detail/CVE-2020-26147","name":"NVD"}],"cvss_v2_exploitability_subscore":3.2,"affected_ot_devices_count":0,"adjusted_vulnerability_score":4.8359456,"description":"CVE-2020-26147 - An issue was discovered in the Linux kernel 5.8.9. The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments even though some of them were sent in plaintext. 
This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used.","affected_it_devices_count":0,"recommendations":"recomm","vulnerability_type":"Platform","cve_ids":["CVE-2020-26147"],"name":"CVE-2020-26147","source_name":"NVD","published_date":"2025-05-11T01:21:05.359000Z","cvss_v2_vector_string":"AV:A/AC:H/Au:N/C:P/I:P/A:N","vulnerability_priority_group":"vuln_priority_gp","cvss_v3_exploitability_subscore":1.2,"affected_iot_devices_count":0,"affected_potentially_relevant_devices_count":0,"vulnerability_note":"note1","vulnerability_assignees":["vuln_assignee1"],"exploits_count":23,"affected_fixed_devices_count":0,"affected_confirmed_devices_count":0,"adjusted_vulnerability_score_level":"Medium","vulnerability_labels":["vuln_lavel1","vuln_ll2"],"affected_irrelevant_devices_count":0},"slot_cards":{"racks":[{"cards":[{"uid":"8d6b1ff5-774a-4b70-8c8d-bf035ef1dd54","slot_number":4,"name":"card_nm","card_type":"Network Card","model":"MVI56E-MCM","vendor":"ProSoft","sw_version":"V3.007","serial_number":"001B57F9","ip":"67.43.156.0","mac":"00:0d:8d:d8:74:63"}],"number_of_slots":9}],"cards_count":9},"snmp_hostnames":["snmp hostname"],"snmp_last_seen_hostname":"snmp last seen hostname","software_or_firmware_version":"software or firmware version","ssid_list":["ssid"],"suspicious":["suspicious"],"switch_group_name_list":["switch group name"],"switch_ip_list":["67.43.156.0"],"switch_location_list":["switch location"],"switch_mac_list":["switch mac"],"switch_name_list":["switch name"],"switch_port_description_list":["switch port description"],"switch_port_list":["switch port"],"device_type_family":"device type family","visibility_score_level":"Fair","visibility_score":65,"vlan_description_list":["vlan description"],"wifi_last_seen_list":["wifi last seen"],"windows_hostnames":["windows hostname"],"windows_last_seen_hostname":"windows last seen 
hostname","wireless_encryption_type_list":["wireless encryption type"],"wlc_location_list":["wlc location"],"wlc_name_list":["wlc name"],"vulnerability_source":"Claroty","vulnerability_relevance":"Confirmed","avg_in_use_per_day":12,"avg_online_per_day":12,"avg_examinations_per_day":12,"operating_hours_pattern_name":"operating hours pattern name","utilization_rate":1,"activity_rate":1,"organization_firewall_group_name":"organization firewall group name","organization_zone_name":"organization zone group name","vulnerability_last_changed":"2022-08-01","vulnerability_status":"Fixed","retired_since":"2022-08-01","machine_type":"machine type","managed_by":["managed by"],"management_services":["management service"],"mdm_compliance_status":"mdm compliance status","mdm_enrollment_status":"mdm enrollment status","mdm_ownership":"mdm ownership","mobility":"mobility","network_scope_list":["network scope"],"note":"note","number_of_nics":1,"os_eol_date":"2022-08-01","os_revision":"os revision","os_subcategory":"os subcategory","other_hostnames":["other hostname"],"phi":"phi","product_code":"product code","protocol_location_list":["protocol location"],"purdue_level_source":"purdue level source","purdue_level":"purdue level","recommended_firewall_group_name":"recommended firewall group name","recommended_zone_name":"recommended zone name","last_domain_user_activity":"2022-08-01","last_domain_user":"last domain user","last_scan_time":"2022-08-01","last_seen_on_switch_list":["2022-08-01"],"last_seen_reported":"2022-08-01","local_name":"local name","mac_oui_list":["Randomized Locally Administered Address"],"end_of_life_state":"","end_of_sale_date":"2022-08-01","endpoint_security_names":["CrowdStrike Falcon"],"fda_class":"OT","financial_cost":"$1,000-$10,000","handles_pii":"handles_pii","http_hostnames":["http hostname"],"http_last_seen_hostname":"http last seen hostname","hw_version":"hw version","integration_types_reported_from":["integration 
type"],"integrations_reported_from":["integration"],"ip_assignment_list":["Static"],"ise_authentication_method_list":["ise authentication method"],"ise_endpoint_profile_list":["ise endpoint profile"],"ise_identity_group_list":["ise identity group"],"ise_logical_profile_list":["ise logical profile"],"ise_security_group_description_list":["ise security group description"],"ise_security_group_name_list":["ise security group name"],"ise_security_group_tag_list":["ise security group tag"],"is_online":false,"equipment_class":"OT","edr_last_scan_time":"2022-08-01","end_of_life_date":"2022-08-01","cppm_service_list":["cppm service"],"data_sources_seen_reported_from":["data_source1"],"dhcp_fingerprint":"dhcp fingerprint","dhcp_hostnames":["dhcp hostname"],"dhcp_last_seen_hostname":"dhcp last seen hostname","edge_hosts_seen_reported_from":["edge_hosts1"],"edge_locations_seen_reported_from":["edge_hosts2"],"edge_locations":["edge location"],"edr_is_up_to_date_text":"edr is up to date text","cmms_floor":"cmms_floor","cmms_last_pm":"cmms_last_pm","cmms_location":"cmms_location","cmms_manufacturer":"cmms_manufacturer","cmms_model":"cmms_model","cmms_ownership":"cmms_ownership","cmms_owning_cost_center":"cmms_owning_cost_center","cmms_room":"cmms_room","cmms_serial_number":"cmms_serial_number","cmms_state":"cmms_state","cmms_technician":"cmms_technician","collection_interfaces_seen_reported_from":["coll_intf1"],"collection_interfaces":["coll_intf1"],"collection_servers_seen_reported_from":["coll_intf2"],"collection_servers":["coll_intf3"],"connection_paths":["connection path"],"connection_type_list":["connection type"],"consequence_of_failure":"consequence of failure","cppm_authentication_status_list":["cppm authentication status"],"cmms_financial_cost":0,"cmms_asset_tag":"cmms_asset_tag","cmms_building":"cmms_building","cmms_campus":"cmms_campus","cmms_department":"cmms_department","cmms_asset_purchase_cost":0,"active_queries_seen_reported_from":["unknwown"],"ad_description":"ad 
description","ad_distinguished_name":"ad distinguished name","ae_titles":["ae title"],"ap_location_list":["ap location"],"ap_name_list":["ap name"],"applied_acl_list":["acl_lst1"],"applied_acl_type_list":["app"],"asset_id":"xsdq1","battery_level":"10","bssid_list":["00:00:00:00:00:00"],"assignees":["3rd Party SOC (Group)","Dylan Mak","Jose Alegria","Security Group (Group)"],"device_category":"OT","effective_likelihood_subscore_points":43.435616,"effective_likelihood_subscore":"Very Low","first_seen_list":["2025-01-22T22:29:10.013719+00:00"],"impact_subscore_points":75,"impact_subscore":"Critical","insecure_protocols_points":0,"insecure_protocols":"Very Low","internet_communication":"No","ip_list":["67.43.156.0"],"known_vulnerabilities_points":71.69265,"known_vulnerabilities":"High","labels":["Criticidad alta","Exposed EOL Asset","Exposed OT Asset","Linea 1","Look into this","OT Internet Klabin"],"last_seen_list":["2025-03-13T02:28:48.626542+00:00"],"likelihood_subscore_points":63.875904,"likelihood_subscore":"High","network_list":["Industrial"],"retired":false,"site_group_name":"Sample Site Group","site_name":"Sample Site","device_subcategory":"Control","uid":"23883ed8-5985-4fb2-a94c-11c9a9def141","manufacturer":"Rockwell Automation","model":"sample","model_family":"sample_family","serial_number":"1234","risk_score_points":10,"risk_score":"Medium","domains":["Domain A"],"mac_list":["00:00:00:00:00:00"],"device_name":"Sample Device","os_category":"Unix","combined_os":"Unix","os_name":"Unix","os_version":"1.0.0","device_type":"Sample Device","authentication_user_list":["auth_user1"],"vlan_list":["vlan1"],"vlan_name_list":["vlan name"]} -{"active_queries_seen_reported_from":[],"activity_rate":52,"ad_description":null,"ad_distinguished_name":null,"ae_titles":[],"ap_location_list":[null],"ap_name_list":[null],"applied_acl_list":[null],"applied_acl_type_list":[null],"asset_id":"DLUPOQD","assignees":["3rd Party SOC (Group)","Ben 
Jackman"],"assignees_data":[{"display_name":"Ben Jackman","id":"ben.jackman","is_active":true,"type":"user"},{"display_name":"3rd Party SOC","id":37,"type":"group"}],"authentication_user_list":[null],"avg_examinations_per_day":null,"avg_in_use_per_day":null,"avg_online_per_day":12.4,"battery_level":null,"bssid_list":[null],"cmms_asset_tag":null,"cmms_financial_cost":null,"collection_interfaces_seen_reported_from":["ens142@demo-collection-columbia","ens178@demo-collection-clinton","ens192@demo-collection-columbia"],"collection_servers_seen_reported_from":["demo-collection-clinton","demo-collection-columbia"],"combined_os":"Windows 10 1607","connection_paths":[],"connection_type_list":["Ethernet"],"consequence_of_failure":null,"cppm_authentication_status_list":[null],"cppm_service_list":[null],"data_sources_seen_reported_from":["Passive Collection","Edge Scan","Integration"],"device_category":"OT","device_name":"DESKTOP-UOCGAB","device_subcategory":"Operation","device_type":"Engineering Station","device_type_family":"Engineering Station","dhcp_fingerprint":null,"dhcp_hostnames":[],"dhcp_last_seen_hostname":null,"domains":[],"edge_hosts_seen_reported_from":["dcf4011c53fa (old Edge ID)","dcf4013fc620 (old Edge ID)"],"edge_locations_seen_reported_from":["Plant-3","Plant-1"],"edr_is_up_to_date_text":null,"edr_last_scan_time":null,"effective_likelihood_subscore":"Very Low","effective_likelihood_subscore_points":20.12401,"end_of_life_date":null,"end_of_life_state":null,"end_of_sale_date":null,"endpoint_security_names":[],"equipment_class":null,"fda_class":null,"financial_cost":"Unknown","first_seen_list":["2025-02-03T01:20:31.035291+00:00"],"handles_pii":null,"http_hostnames":[],"http_last_seen_hostname":null,"hw_version":null,"impact_subscore":"Critical","impact_subscore_points":100,"insecure_protocols":"Medium","insecure_protocols_points":40,"integration_types_reported_from":["Rapid7"],"integrations_reported_from":["Rapid7 
(Rapid7)"],"internet_communication":"No","ip_assignment_list":["Static"],"ip_list":["216.160.83.56"],"is_online":true,"ise_authentication_method_list":[null],"ise_endpoint_profile_list":[null],"ise_identity_group_list":[null],"ise_logical_profile_list":[null],"ise_security_group_description_list":[null],"ise_security_group_name_list":[null],"ise_security_group_tag_list":[null],"known_vulnerabilities":"Critical","known_vulnerabilities_points":100,"labels":["criticality","Exposed OT & Critical Vulnerabilities","Exposed OT Assets","OT Internet Klabin","Unsupported_OS","Urgent","xSA Managed Devices"],"last_domain_user":null,"last_domain_user_activity":null,"last_scan_time":"2025-01-15T09:55:30.094042+00:00","last_seen_list":["2025-03-26T02:58:09.298201+00:00"],"last_seen_on_switch_list":["2025-03-09T09:42:00.035327+00:00"],"last_seen_reported":"2025-03-27T02:57:44.802361+00:00","likelihood_subscore":"Critical","likelihood_subscore_points":71.87147,"local_name":null,"mac_list":["dc:f4:01:3f:c6:20"],"mac_oui_list":["Dell Inc."],"machine_type":"Physical","managed_by":[],"manufacturer":"Dell","mdm_compliance_status":null,"mdm_enrollment_status":null,"mdm_ownership":null,"mobility":null,"model":"OptiPlex 7010","model_family":null,"network_list":["Industrial"],"network_scope_list":["Default"],"note":null,"number_of_nics":1,"organization_firewall_group_name":"No Zone","os_category":"Windows","os_eol_date":"2019-04-09T00:00:00+00:00","os_name":"Windows","os_revision":"1607","os_subcategory":"Windows 10 & Equivalent","os_version":"10","other_hostnames":["DESKTOP-UOCGAB"],"phi":null,"product_code":null,"protocol_location_list":[null],"purdue_level":"Level 2","purdue_level_source":"Auto-Assigned","recommended_firewall_group_name":"Industrial Workstations","retired":false,"retired_since":null,"risk_score":"Medium","risk_score_points":52.074406,"serial_number":null,"site_group_name":"No 
Group","site_name":"Columbia","slot_cards":null,"snmp_hostnames":[],"snmp_last_seen_hostname":null,"software_or_firmware_version":null,"ssid_list":[null],"suspicious":[],"switch_group_name_list":[null],"switch_ip_list":[null],"switch_location_list":["dep PUcBj"],"switch_mac_list":["00:11:20:db:06:13"],"switch_port_description_list":[null],"switch_port_list":["Fa/0/7"],"uid":"ea50eaa8-0fef-4ec2-9076-48bb98e85a4b","utilization_rate":0,"visibility_score":98,"visibility_score_level":"Excellent","vlan_description_list":["VLAN 125"],"vlan_list":[125],"vlan_name_list":["VLAN 125"],"vulnerability_info":{"adjusted_vulnerability_score":8.887692,"adjusted_vulnerability_score_level":"High","affected_confirmed_devices_count":102,"affected_devices_count":345,"affected_fixed_devices_count":0,"affected_iot_devices_count":39,"affected_irrelevant_devices_count":0,"affected_it_devices_count":102,"affected_ot_devices_count":204,"affected_potentially_relevant_devices_count":243,"affected_products":null,"cve_ids":["CVE-2025-21418"],"cvss_v2_exploitability_subscore":null,"cvss_v2_score":null,"cvss_v2_vector_string":null,"cvss_v3_exploitability_subscore":1.8,"cvss_v3_score":7.8,"cvss_v3_vector_string":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","description":"CVE-2025-21418 - Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability","epss_score":0.00051,"exploits_count":null,"id":"ALCWSJJU","is_known_exploited":true,"name":"CVE-2025-21418","published_date":"2025-02-11T00:00:00Z","recommendations":null,"source_name":"Microsoft","source_url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21418","sources":[{"name":"Microsoft","url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21418"}],"vulnerability_assignees":[],"vulnerability_labels":[],"vulnerability_note":null,"vulnerability_priority_group":"Priority Group 
4","vulnerability_type":"Platform"},"vulnerability_is_user_verdict":false,"vulnerability_last_updated":"2025-03-26T03:11:46.061472+00:00","vulnerability_relevance":"Potentially Relevant","vulnerability_source":"Claroty","vulnerability_system_relevance":"Potentially Relevant","wifi_last_seen_list":[null],"windows_hostnames":[],"windows_last_seen_hostname":null,"wireless_encryption_type_list":[null],"wlc_location_list":[null],"wlc_name_list":[null]} -{"vulnerability_last_updated":"2022-08-01","vulnerability_info":{"affected_medical_devices_count":10,"cvss_v3_vector_string":"CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N","cvss_v2_score":3.2,"cvss_v3_score":5.4,"epss_score":0.00133,"affected_devices_count":0,"affected_products":null,"source_url":"https://localhost:8080/vulnerabilities/CVE-2020-26147","id":"APZMJRV","is_known_exploited":false,"sources":[{"url":"https://localhost:8080/vuln/detail/CVE-2020-26147","name":"NVD"}],"cvss_v2_exploitability_subscore":3.2,"affected_ot_devices_count":0,"adjusted_vulnerability_score":4.8359456,"description":"CVE-2020-26147 - An issue was discovered in the Linux kernel 5.8.9. The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments even though some of them were sent in plaintext. 
This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used.","affected_it_devices_count":0,"recommendations":null,"vulnerability_type":"Platform","cve_ids":["CVE-2020-26147"],"name":"CVE-2020-26147","source_name":"NVD","published_date":"2025-05-11T01:21:05.359000Z","cvss_v2_vector_string":"AV:A/AC:H/Au:N/C:P/I:P/A:N","vulnerability_priority_group":null,"cvss_v3_exploitability_subscore":1.2,"affected_iot_devices_count":0,"affected_potentially_relevant_devices_count":0,"vulnerability_note":null,"vulnerability_assignees":[],"exploits_count":null,"affected_fixed_devices_count":0,"affected_confirmed_devices_count":0,"adjusted_vulnerability_score_level":"Medium","vulnerability_labels":[],"affected_irrelevant_devices_count":0},"slot_cards":{"racks":[{"cards":[{"uid":"3b6c4639-3743-4362-b38a-d1edcde189b1","slot_number":0,"name":null,"card_type":"CPU","model":"1756-L7SP/B LOGIXSAFETY","vendor":"Rockwell Automation","sw_version":"V24.012","serial_number":"00172DC0"},{"uid":"f1495b05-2262-4726-b604-aff5034d4e0f","slot_number":1,"name":null,"card_type":"I/O","model":"1756-OB16E/A DCOUT EFUSE","vendor":"Rockwell Automation","sw_version":"V3.003","serial_number":"000F75F0"},{"uid":"6ec98e76-9a29-4f9c-b259-d000f3009e02","slot_number":2,"name":null,"card_type":"CPU","model":"1756-L73S/B LOGIX5573 SAFETY","vendor":"Rockwell Automation","sw_version":"V32.011","serial_number":"00140557"},{"uid":"954e50eb-3c06-4208-b837-52a93a079a52","slot_number":3,"name":null,"card_type":"I/O","model":"1756-IB32/B DCIN","vendor":"Rockwell Automation","sw_version":"V3.005","serial_number":"001D1DF9"},{"uid":"8d6b1ff5-774a-4b70-8c8d-bf035ef1dd54","slot_number":4,"name":null,"card_type":"Network 
Card","model":"MVI56E-MCM","vendor":"ProSoft","sw_version":"V3.007","serial_number":"001B57F9","ip":"67.43.156.0","mac":"00:0d:8d:d8:74:63"},{"uid":"a31ea446-580e-4b3d-8923-3661bf28d429","slot_number":5,"name":null,"card_type":"I/O","model":"1756-IF16/A","vendor":"Rockwell Automation","sw_version":"V1.005","serial_number":"0016F448"},{"uid":"63131aa8-d0f1-45a0-832b-fc397639b7e4","slot_number":6,"name":null,"card_type":"I/O","model":"1746-IB16 16-Input (SINK) 24 VDC","vendor":"Rockwell Automation","sw_version":null,"serial_number":"001D0134"},{"uid":"96430c94-4782-4f12-9e00-c97383897f0c","slot_number":7,"name":null,"card_type":"Network Card","model":"1756-EN2T/D","vendor":"Rockwell Automation","sw_version":"V11.002","serial_number":"0019410D","ip":"81.2.69.142","mac":"40:41:01:fe:ad:41"},{"uid":"e2444831-3b05-4467-aeac-7deb87b717a7","slot_number":8,"name":null,"card_type":"I/O","model":"1746-IA16 16-Input 100/120 VAC","vendor":"Rockwell Automation","sw_version":"V3.005","serial_number":"001252EE"}],"number_of_slots":9}],"cards_count":9},"snmp_hostnames":["snmp hostname"],"snmp_last_seen_hostname":"snmp last seen hostname","software_or_firmware_version":"software or firmware version","ssid_list":["ssid"],"suspicious":["suspicious"],"switch_group_name_list":["switch group name"],"switch_ip_list":["81.2.69.142"],"switch_location_list":["switch location"],"switch_mac_list":["switch mac"],"switch_name_list":["switch name"],"switch_port_description_list":["switch port description"],"switch_port_list":["switch port"],"device_type_family":"device type family","visibility_score_level":"Fair","visibility_score":65,"vlan_description_list":["vlan description"],"wifi_last_seen_list":["2222-01-22T22:29:10.013719+00:00"],"windows_hostnames":["windows hostname"],"windows_last_seen_hostname":"windows last seen hostname","wireless_encryption_type_list":["wireless encryption type"],"wlc_location_list":["wlc location"],"wlc_name_list":["wlc 
name"],"vulnerability_source":"Claroty","vulnerability_relevance":"Confirmed","avg_in_use_per_day":12,"avg_online_per_day":12,"avg_examinations_per_day":12,"operating_hours_pattern_name":"operating hours pattern name","utilization_rate":1,"activity_rate":1,"organization_firewall_group_name":"organization firewall group name","organization_zone_name":"organization zone group name","vulnerability_last_changed":"2022-08-01","vulnerability_status":"Fixed","retired_since":"2022-08-01","machine_type":"machine type","managed_by":["managed by"],"management_services":["management service"],"mdm_compliance_status":"mdm compliance status","mdm_enrollment_status":"mdm enrollment status","mdm_ownership":"mdm ownership","mobility":"mobility","network_scope_list":["network scope"],"note":"note","number_of_nics":1,"os_eol_date":"2022-08-01","os_revision":"os revision","os_subcategory":"os subcategory","other_hostnames":["other hostname"],"phi":"phi","product_code":"product code","protocol_location_list":["protocol location"],"purdue_level_source":"purdue level source","purdue_level":"purdue level","recommended_firewall_group_name":"recommended firewall group name","recommended_zone_name":"recommended zone name","last_domain_user_activity":"2022-08-01","last_domain_user":"last domain user","last_scan_time":"2022-08-01","last_seen_on_switch_list":["2022-08-01"],"last_seen_reported":"2022-08-01","local_name":"local name","mac_oui_list":["Randomized Locally Administered Address"],"end_of_life_state":"","end_of_sale_date":"2022-08-01","endpoint_security_names":["CrowdStrike Falcon"],"fda_class":"OT","financial_cost":"$1,000-$10,000","handles_pii":"handles_pii","http_hostnames":["http hostname"],"http_last_seen_hostname":"http last seen hostname","hw_version":"hw version","integration_types_reported_from":["integration type"],"integrations_reported_from":["integration"],"ip_assignment_list":["Static"],"ise_authentication_method_list":["ise authentication 
method"],"ise_endpoint_profile_list":["ise endpoint profile"],"ise_identity_group_list":["ise identity group"],"ise_logical_profile_list":["ise logical profile"],"ise_security_group_description_list":["ise security group description"],"ise_security_group_name_list":["ise security group name"],"ise_security_group_tag_list":["ise security group tag"],"is_online":false,"equipment_class":"OT","edr_last_scan_time":"2022-08-01","end_of_life_date":"2022-08-01","cppm_service_list":["cppm service"],"data_sources_seen_reported_from":["81.2.69.142"],"dhcp_fingerprint":"dhcp fingerprint","dhcp_hostnames":["dhcp hostname"],"dhcp_last_seen_hostname":"dhcp last seen hostname","edge_hosts_seen_reported_from":["81.2.69.142"],"edge_locations_seen_reported_from":["81.2.69.142"],"edge_locations":["edge location"],"edr_is_up_to_date_text":"edr is up to date text","cmms_floor":"cmms_floor","cmms_last_pm":"cmms_last_pm","cmms_location":"cmms_location","cmms_manufacturer":"cmms_manufacturer","cmms_model":"cmms_model","cmms_ownership":"cmms_ownership","cmms_owning_cost_center":"cmms_owning_cost_center","cmms_room":"cmms_room","cmms_serial_number":"cmms_serial_number","cmms_state":"cmms_state","cmms_technician":"cmms_technician","collection_interfaces_seen_reported_from":["81.2.69.142"],"collection_interfaces":["81.2.69.142"],"collection_servers_seen_reported_from":["81.2.69.142"],"collection_servers":["81.2.69.142"],"connection_paths":["connection path"],"connection_type_list":["connection type"],"consequence_of_failure":"consequence of failure","cppm_authentication_status_list":["cppm authentication status"],"cmms_financial_cost":0,"cmms_asset_tag":"cmms_asset_tag","cmms_building":"cmms_building","cmms_campus":"cmms_campus","cmms_department":"cmms_department","cmms_asset_purchase_cost":0,"active_queries_seen_reported_from":["175.16.199.0"],"ad_description":"ad description","ad_distinguished_name":"ad distinguished name","ae_titles":["ae title"],"ap_location_list":["ap 
location"],"ap_name_list":["ap name"],"applied_acl_list":[],"applied_acl_type_list":["app"],"asset_id":"xsdq1","battery_level":"10","bssid_list":["00:00:00:00:00:00"],"assignees":["3rd Party SOC (Group)","Dylan Mak","Jose Alegria","Security Group (Group)"],"device_category":"OT","effective_likelihood_subscore_points":43.435616,"effective_likelihood_subscore":"Very Low","first_seen_list":["2025-01-22T22:29:10.013719+00:00"],"impact_subscore_points":75,"impact_subscore":"Critical","insecure_protocols_points":0,"insecure_protocols":"Very Low","internet_communication":"No","ip_list":["67.43.156.0"],"known_vulnerabilities_points":71.69265,"known_vulnerabilities":"High","labels":["Criticidad alta","Exposed EOL Asset","Exposed OT Asset","Linea 1","Look into this","OT Internet Klabin"],"last_seen_list":["2025-03-13T02:28:48.626542+00:00"],"likelihood_subscore_points":63.875904,"likelihood_subscore":"High","network_list":["Industrial"],"retired":false,"site_group_name":"Sample Site Group","site_name":"Sample Site","device_subcategory":"Control","uid":"25d8183d-eb78-4c73-a1d3-3eaed076a837","manufacturer":"Rockwell Automation","model":"sample","model_family":"sample_family","serial_number":"1234","risk_score_points":10,"risk_score":"Medium","domains":["Domain A"],"mac_list":["00:00:00:00:00:00"],"device_name":"Sample Device","os_category":"Unix","combined_os":"Unix","os_name":"Unix","os_version":"1.0.0","device_type":"Sample Device","authentication_user_list":["user1"],"vlan_list":["vlan1"],"vlan_name_list":["vlan name"]} +{"vulnerability_last_updated":"2022-08-01","vulnerability_info":{"cvss_v3_vector_string":"CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N","cvss_v2_score":3.2,"cvss_v3_score":5.4,"epss_score":0.00133,"affected_devices_count":0,"affected_products":"- Windows 10 or 10 IoT - 1507, 1511, 1607, 1809, 1909, 2004, 20H2, 21H1, None\r\n- Windows 7 - SP1\r\n- Windows 8.1\r\n- Windows RT 8.1 \r\n- Windows Server 2008 R2 - SP1\r\n- Windows Server 2008 - SP2\r\n- Windows 
Server 2012\r\n- Windows Server 2012 R2\r\n- Windows Server 2016\r\n- Windows Server 2019\r\n- Windows Server, versions 1909, 2004, 20H2\r\n\r\nDomain controllers are affected if the print spooler service is enabled. The Authenticated Users group is nested in the Pre-Windows 2000 Compatible Access which is elevated and makes domain controllers vulnerable in default deployments.\r\n\r\n* Philips, Carestream, and GE published advisories that detail their affected devices:\r\n\t* Philips - https://www.philips.com/a-w/security/security-advisories.html#security_advisories\r\n\t* Carestream - https://www.carestream.com/en/us/-/media/publicsite/resources/service-and-support-publications/carestream-product-security-advsiory---print-nightmare.pdf?sc_lang=en\r\n\t* GE - https://www.gehealthcare.com/en-US/security","source_url":"https://localhost:8080/vulnerabilities/CVE-2020-26147","id":"APZMJRV","is_known_exploited":false,"sources":[{"url":"https://localhost:8080/vuln/detail/CVE-2020-26147","name":"NVD"}],"cvss_v2_exploitability_subscore":3.2,"affected_ot_devices_count":0,"adjusted_vulnerability_score":4.8359456,"description":"CVE-2020-26147 - An issue was discovered in the Linux kernel 5.8.9. The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments even though some of them were sent in plaintext. 
This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used.","affected_it_devices_count":0,"vulnerability_type":"Platform","cve_ids":["CVE-2020-26147"],"name":"CVE-2020-26147","source_name":"NVD","published_date":"2025-05-11T01:21:05.359000Z","cvss_v2_vector_string":"AV:A/AC:H/Au:N/C:P/I:P/A:N","vulnerability_priority_group":"vuln_priority_gp","cvss_v3_exploitability_subscore":1.2,"affected_iot_devices_count":0,"affected_potentially_relevant_devices_count":0,"vulnerability_note":"note1","vulnerability_assignees":["vuln_assignee1"],"exploits_count":23,"affected_fixed_devices_count":0,"affected_confirmed_devices_count":0,"adjusted_vulnerability_score_level":"Medium","vulnerability_labels":["vuln_lavel1","vuln_ll2"],"affected_irrelevant_devices_count":0},"slot_cards":{"racks":[{"cards":[{"uid":"8d6b1ff5-774a-4b70-8c8d-bf035ef1dd54","slot_number":4,"name":"card_nm","card_type":"Network Card","model":"MVI56E-MCM","vendor":"ProSoft","sw_version":"V3.007","serial_number":"001B57F9","ip":"67.43.156.0","mac":"00:0d:8d:d8:74:63"}],"number_of_slots":9}],"cards_count":9},"snmp_hostnames":["snmp hostname"],"snmp_last_seen_hostname":"snmp last seen hostname","software_or_firmware_version":"software or firmware version","ssid_list":["ssid"],"suspicious":["suspicious"],"switch_group_name_list":["switch group name"],"switch_ip_list":["67.43.156.0"],"switch_location_list":["switch location"],"switch_mac_list":["switch mac"],"switch_name_list":["switch name"],"switch_port_description_list":["switch port description"],"switch_port_list":["switch port"],"device_type_family":"device type family","visibility_score_level":"Fair","visibility_score":65,"vlan_description_list":["vlan description"],"wifi_last_seen_list":["wifi last seen"],"windows_hostnames":["windows hostname"],"windows_last_seen_hostname":"windows last seen 
hostname","wireless_encryption_type_list":["wireless encryption type"],"wlc_location_list":["wlc location"],"wlc_name_list":["wlc name"],"vulnerability_source":"Claroty","vulnerability_relevance":"Confirmed","avg_in_use_per_day":12,"avg_online_per_day":12,"avg_examinations_per_day":12,"operating_hours_pattern_name":"operating hours pattern name","utilization_rate":1,"activity_rate":1,"organization_firewall_group_name":"organization firewall group name","organization_zone_name":"organization zone group name","vulnerability_last_changed":"2022-08-01","vulnerability_status":"Fixed","retired_since":"2022-08-01","machine_type":"machine type","managed_by":["managed by"],"management_services":["management service"],"mdm_compliance_status":"mdm compliance status","mdm_enrollment_status":"mdm enrollment status","mdm_ownership":"mdm ownership","mobility":"mobility","network_scope_list":["network scope"],"note":"note","number_of_nics":1,"os_eol_date":"2022-08-01","os_revision":"os revision","os_subcategory":"os subcategory","other_hostnames":["other hostname"],"phi":"phi","product_code":"product code","protocol_location_list":["protocol location"],"purdue_level_source":"purdue level source","purdue_level":"purdue level","recommended_firewall_group_name":"recommended firewall group name","recommended_zone_name":"recommended zone name","last_domain_user_activity":"2022-08-01","last_domain_user":"last domain user","last_scan_time":"2022-08-01","last_seen_on_switch_list":["2022-08-01"],"last_seen_reported":"2022-08-01","local_name":"local name","mac_oui_list":["Randomized Locally Administered Address"],"end_of_life_state":"","end_of_sale_date":"2022-08-01","endpoint_security_names":["CrowdStrike Falcon"],"fda_class":"OT","financial_cost":"$1,000-$10,000","handles_pii":"handles_pii","http_hostnames":["http hostname"],"http_last_seen_hostname":"http last seen hostname","hw_version":"hw version","integration_types_reported_from":["integration 
type"],"integrations_reported_from":["integration"],"ip_assignment_list":["Static"],"ise_authentication_method_list":["ise authentication method"],"ise_endpoint_profile_list":["ise endpoint profile"],"ise_identity_group_list":["ise identity group"],"ise_logical_profile_list":["ise logical profile"],"ise_security_group_description_list":["ise security group description"],"ise_security_group_name_list":["ise security group name"],"ise_security_group_tag_list":["ise security group tag"],"is_online":false,"equipment_class":"OT","edr_last_scan_time":"2022-08-01","end_of_life_date":"2022-08-01","cppm_service_list":["cppm service"],"data_sources_seen_reported_from":["data_source1"],"dhcp_fingerprint":"dhcp fingerprint","dhcp_hostnames":["dhcp hostname"],"dhcp_last_seen_hostname":"dhcp last seen hostname","edge_hosts_seen_reported_from":["edge_hosts1"],"edge_locations_seen_reported_from":["edge_hosts2"],"edge_locations":["edge location"],"edr_is_up_to_date_text":"edr is up to date text","cmms_floor":"cmms_floor","cmms_last_pm":"cmms_last_pm","cmms_location":"cmms_location","cmms_manufacturer":"cmms_manufacturer","cmms_model":"cmms_model","cmms_ownership":"cmms_ownership","cmms_owning_cost_center":"cmms_owning_cost_center","cmms_room":"cmms_room","cmms_serial_number":"cmms_serial_number","cmms_state":"cmms_state","cmms_technician":"cmms_technician","collection_interfaces_seen_reported_from":["coll_intf1"],"collection_interfaces":["coll_intf1"],"collection_servers_seen_reported_from":["coll_intf2"],"collection_servers":["coll_intf3"],"connection_paths":["connection path"],"connection_type_list":["connection type"],"consequence_of_failure":"consequence of failure","cppm_authentication_status_list":["cppm authentication status"],"cmms_financial_cost":0,"cmms_asset_tag":"cmms_asset_tag","cmms_building":"cmms_building","cmms_campus":"cmms_campus","cmms_department":"cmms_department","cmms_asset_purchase_cost":0,"active_queries_seen_reported_from":["unknwown"],"ad_description":"ad 
description","ad_distinguished_name":"ad distinguished name","ae_titles":["ae title"],"ap_location_list":["ap location"],"ap_name_list":["ap name"],"applied_acl_list":["acl_lst1"],"applied_acl_type_list":["app"],"asset_id":"xsdq1","battery_level":"10","bssid_list":["00:00:00:00:00:00"],"assignees":["3rd Party SOC (Group)","Dylan Mak","Jose Alegria","Security Group (Group)"],"device_category":"OT","effective_likelihood_subscore_points":43.435616,"effective_likelihood_subscore":"Very Low","first_seen_list":["2025-01-22T22:29:10.013719+00:00"],"impact_subscore_points":75,"impact_subscore":"Critical","insecure_protocols_points":0,"insecure_protocols":"Very Low","internet_communication":"No","ip_list":["67.43.156.0"],"known_vulnerabilities_points":71.69265,"known_vulnerabilities":"High","labels":["Criticidad alta","Exposed EOL Asset","Exposed OT Asset","Linea 1","Look into this","OT Internet Klabin"],"last_seen_list":["2025-03-13T02:28:48.626542+00:00"],"likelihood_subscore_points":63.875904,"likelihood_subscore":"High","network_list":["Industrial"],"retired":false,"site_group_name":"Sample Site Group","site_name":"Sample Site","device_subcategory":"Control","uid":"23883ed8-5985-4fb2-a94c-11c9a9def141","manufacturer":"Rockwell Automation","model":"sample","model_family":"sample_family","serial_number":"1234","risk_score_points":10,"risk_score":"Medium","domains":["Domain A"],"mac_list":["00:00:00:00:00:00"],"device_name":"Sample Device","os_category":"Unix","combined_os":"Unix","os_name":"Unix","os_version":"1.0.0","device_type":"Sample Device","authentication_user_list":["auth_user1"],"vlan_list":["vlan1"],"vlan_name_list":["vlan name"]} +{"active_queries_seen_reported_from":[],"activity_rate":52,"ad_description":null,"ad_distinguished_name":null,"ae_titles":[],"ap_location_list":[null],"ap_name_list":[null],"applied_acl_list":[null],"applied_acl_type_list":[null],"asset_id":"DLUPOQD","assignees":["3rd Party SOC (Group)","Ben 
Jackman"],"assignees_data":[{"display_name":"Ben Jackman","id":"ben.jackman","is_active":true,"type":"user"},{"display_name":"3rd Party SOC","id":37,"type":"group"}],"authentication_user_list":[null],"avg_examinations_per_day":null,"avg_in_use_per_day":null,"avg_online_per_day":12.4,"battery_level":null,"bssid_list":[null],"cmms_asset_tag":null,"cmms_financial_cost":null,"collection_interfaces_seen_reported_from":["ens142@demo-collection-columbia","ens178@demo-collection-clinton","ens192@demo-collection-columbia"],"collection_servers_seen_reported_from":["demo-collection-clinton","demo-collection-columbia"],"combined_os":"Windows 10 1607","connection_paths":[],"connection_type_list":["Ethernet"],"consequence_of_failure":null,"cppm_authentication_status_list":[null],"cppm_service_list":[null],"data_sources_seen_reported_from":["Passive Collection","Edge Scan","Integration"],"device_category":"OT","device_name":"DESKTOP-UOCGAB","device_subcategory":"Operation","device_type":"Engineering Station","device_type_family":"Engineering Station","dhcp_fingerprint":null,"dhcp_hostnames":[],"dhcp_last_seen_hostname":null,"domains":[],"edge_hosts_seen_reported_from":["dcf4011c53fa (old Edge ID)","dcf4013fc620 (old Edge ID)"],"edge_locations_seen_reported_from":["Plant-3","Plant-1"],"edr_is_up_to_date_text":null,"edr_last_scan_time":null,"effective_likelihood_subscore":"Very Low","effective_likelihood_subscore_points":20.12401,"end_of_life_date":null,"end_of_life_state":null,"end_of_sale_date":null,"endpoint_security_names":[],"equipment_class":null,"fda_class":null,"financial_cost":"Unknown","first_seen_list":["2025-02-03T01:20:31.035291+00:00"],"handles_pii":null,"http_hostnames":[],"http_last_seen_hostname":null,"hw_version":null,"impact_subscore":"Critical","impact_subscore_points":100,"insecure_protocols":"Medium","insecure_protocols_points":40,"integration_types_reported_from":["Rapid7"],"integrations_reported_from":["Rapid7 
(Rapid7)"],"internet_communication":"No","ip_assignment_list":["Static"],"ip_list":["216.160.83.56"],"is_online":true,"ise_authentication_method_list":[null],"ise_endpoint_profile_list":[null],"ise_identity_group_list":[null],"ise_logical_profile_list":[null],"ise_security_group_description_list":[null],"ise_security_group_name_list":[null],"ise_security_group_tag_list":[null],"known_vulnerabilities":"Critical","known_vulnerabilities_points":100,"labels":["criticality","Exposed OT & Critical Vulnerabilities","Exposed OT Assets","OT Internet Klabin","Unsupported_OS","Urgent","xSA Managed Devices"],"last_domain_user":null,"last_domain_user_activity":null,"last_scan_time":"2025-01-15T09:55:30.094042+00:00","last_seen_list":["2025-03-26T02:58:09.298201+00:00"],"last_seen_on_switch_list":["2025-03-09T09:42:00.035327+00:00"],"last_seen_reported":"2025-03-27T02:57:44.802361+00:00","likelihood_subscore":"Critical","likelihood_subscore_points":71.87147,"local_name":null,"mac_list":["dc:f4:01:3f:c6:20"],"mac_oui_list":["Dell Inc."],"machine_type":"Physical","managed_by":[],"manufacturer":"Dell","mdm_compliance_status":null,"mdm_enrollment_status":null,"mdm_ownership":null,"mobility":null,"model":"OptiPlex 7010","model_family":null,"network_list":["Industrial"],"network_scope_list":["Default"],"note":null,"number_of_nics":1,"organization_firewall_group_name":"No Zone","os_category":"Windows","os_eol_date":"2019-04-09T00:00:00+00:00","os_name":"Windows","os_revision":"1607","os_subcategory":"Windows 10 & Equivalent","os_version":"10","other_hostnames":["DESKTOP-UOCGAB"],"phi":null,"product_code":null,"protocol_location_list":[null],"purdue_level":"Level 2","purdue_level_source":"Auto-Assigned","recommended_firewall_group_name":"Industrial Workstations","retired":false,"retired_since":null,"risk_score":"Medium","risk_score_points":52.074406,"serial_number":null,"site_group_name":"No 
Group","site_name":"Columbia","slot_cards":null,"snmp_hostnames":[],"snmp_last_seen_hostname":null,"software_or_firmware_version":null,"ssid_list":[null],"suspicious":[],"switch_group_name_list":[null],"switch_ip_list":[null],"switch_location_list":["dep PUcBj"],"switch_mac_list":["00:11:20:db:06:13"],"switch_port_description_list":[null],"switch_port_list":["Fa/0/7"],"uid":"ea50eaa8-0fef-4ec2-9076-48bb98e85a4b","utilization_rate":0,"visibility_score":98,"visibility_score_level":"Excellent","vlan_description_list":["VLAN 125"],"vlan_list":[125],"vlan_name_list":["VLAN 125"],"vulnerability_info":{"adjusted_vulnerability_score":8.887692,"adjusted_vulnerability_score_level":"High","affected_confirmed_devices_count":102,"affected_devices_count":345,"affected_fixed_devices_count":0,"affected_iot_devices_count":39,"affected_irrelevant_devices_count":0,"affected_it_devices_count":102,"affected_ot_devices_count":204,"affected_potentially_relevant_devices_count":243,"affected_products":null,"cve_ids":["CVE-2025-21418"],"cvss_v2_exploitability_subscore":null,"cvss_v2_score":null,"cvss_v2_vector_string":null,"cvss_v3_exploitability_subscore":1.8,"cvss_v3_score":7.8,"cvss_v3_vector_string":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","description":"CVE-2025-21418 - Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability","epss_score":0.00051,"exploits_count":null,"id":"ALCWSJJU","is_known_exploited":true,"name":"CVE-2025-21418","published_date":"2025-02-11T00:00:00Z","source_name":"Microsoft","source_url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21418","sources":[{"name":"Microsoft","url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21418"}],"vulnerability_assignees":[],"vulnerability_labels":[],"vulnerability_note":null,"vulnerability_priority_group":"Priority Group 
4","vulnerability_type":"Platform"},"vulnerability_is_user_verdict":false,"vulnerability_last_updated":"2025-03-26T03:11:46.061472+00:00","vulnerability_relevance":"Potentially Relevant","vulnerability_source":"Claroty","vulnerability_system_relevance":"Potentially Relevant","wifi_last_seen_list":[null],"windows_hostnames":[],"windows_last_seen_hostname":null,"wireless_encryption_type_list":[null],"wlc_location_list":[null],"wlc_name_list":[null]} +{"vulnerability_last_updated":"2022-08-01","vulnerability_info":{"affected_medical_devices_count":10,"cvss_v3_vector_string":"CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N","cvss_v2_score":3.2,"cvss_v3_score":5.4,"epss_score":0.00133,"affected_devices_count":0,"affected_products":null,"source_url":"https://localhost:8080/vulnerabilities/CVE-2020-26147","id":"APZMJRV","is_known_exploited":false,"sources":[{"url":"https://localhost:8080/vuln/detail/CVE-2020-26147","name":"NVD"}],"cvss_v2_exploitability_subscore":3.2,"affected_ot_devices_count":0,"adjusted_vulnerability_score":4.8359456,"description":"CVE-2020-26147 - An issue was discovered in the Linux kernel 5.8.9. The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments even though some of them were sent in plaintext. 
This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used.","affected_it_devices_count":0,"vulnerability_type":"Platform","cve_ids":["CVE-2020-26147"],"name":"CVE-2020-26147","source_name":"NVD","published_date":"2025-05-11T01:21:05.359000Z","cvss_v2_vector_string":"AV:A/AC:H/Au:N/C:P/I:P/A:N","vulnerability_priority_group":null,"cvss_v3_exploitability_subscore":1.2,"affected_iot_devices_count":0,"affected_potentially_relevant_devices_count":0,"vulnerability_note":null,"vulnerability_assignees":[],"exploits_count":null,"affected_fixed_devices_count":0,"affected_confirmed_devices_count":0,"adjusted_vulnerability_score_level":"Medium","vulnerability_labels":[],"affected_irrelevant_devices_count":0},"slot_cards":{"racks":[{"cards":[{"uid":"3b6c4639-3743-4362-b38a-d1edcde189b1","slot_number":0,"name":null,"card_type":"CPU","model":"1756-L7SP/B LOGIXSAFETY","vendor":"Rockwell Automation","sw_version":"V24.012","serial_number":"00172DC0"},{"uid":"f1495b05-2262-4726-b604-aff5034d4e0f","slot_number":1,"name":null,"card_type":"I/O","model":"1756-OB16E/A DCOUT EFUSE","vendor":"Rockwell Automation","sw_version":"V3.003","serial_number":"000F75F0"},{"uid":"6ec98e76-9a29-4f9c-b259-d000f3009e02","slot_number":2,"name":null,"card_type":"CPU","model":"1756-L73S/B LOGIX5573 SAFETY","vendor":"Rockwell Automation","sw_version":"V32.011","serial_number":"00140557"},{"uid":"954e50eb-3c06-4208-b837-52a93a079a52","slot_number":3,"name":null,"card_type":"I/O","model":"1756-IB32/B DCIN","vendor":"Rockwell Automation","sw_version":"V3.005","serial_number":"001D1DF9"},{"uid":"8d6b1ff5-774a-4b70-8c8d-bf035ef1dd54","slot_number":4,"name":null,"card_type":"Network 
Card","model":"MVI56E-MCM","vendor":"ProSoft","sw_version":"V3.007","serial_number":"001B57F9","ip":"67.43.156.0","mac":"00:0d:8d:d8:74:63"},{"uid":"a31ea446-580e-4b3d-8923-3661bf28d429","slot_number":5,"name":null,"card_type":"I/O","model":"1756-IF16/A","vendor":"Rockwell Automation","sw_version":"V1.005","serial_number":"0016F448"},{"uid":"63131aa8-d0f1-45a0-832b-fc397639b7e4","slot_number":6,"name":null,"card_type":"I/O","model":"1746-IB16 16-Input (SINK) 24 VDC","vendor":"Rockwell Automation","sw_version":null,"serial_number":"001D0134"},{"uid":"96430c94-4782-4f12-9e00-c97383897f0c","slot_number":7,"name":null,"card_type":"Network Card","model":"1756-EN2T/D","vendor":"Rockwell Automation","sw_version":"V11.002","serial_number":"0019410D","ip":"81.2.69.142","mac":"40:41:01:fe:ad:41"},{"uid":"e2444831-3b05-4467-aeac-7deb87b717a7","slot_number":8,"name":null,"card_type":"I/O","model":"1746-IA16 16-Input 100/120 VAC","vendor":"Rockwell Automation","sw_version":"V3.005","serial_number":"001252EE"}],"number_of_slots":9}],"cards_count":9},"snmp_hostnames":["snmp hostname"],"snmp_last_seen_hostname":"snmp last seen hostname","software_or_firmware_version":"software or firmware version","ssid_list":["ssid"],"suspicious":["suspicious"],"switch_group_name_list":["switch group name"],"switch_ip_list":["81.2.69.142"],"switch_location_list":["switch location"],"switch_mac_list":["switch mac"],"switch_name_list":["switch name"],"switch_port_description_list":["switch port description"],"switch_port_list":["switch port"],"device_type_family":"device type family","visibility_score_level":"Fair","visibility_score":65,"vlan_description_list":["vlan description"],"wifi_last_seen_list":["2222-01-22T22:29:10.013719+00:00"],"windows_hostnames":["windows hostname"],"windows_last_seen_hostname":"windows last seen hostname","wireless_encryption_type_list":["wireless encryption type"],"wlc_location_list":["wlc location"],"wlc_name_list":["wlc 
name"],"vulnerability_source":"Claroty","vulnerability_relevance":"Confirmed","avg_in_use_per_day":12,"avg_online_per_day":12,"avg_examinations_per_day":12,"operating_hours_pattern_name":"operating hours pattern name","utilization_rate":1,"activity_rate":1,"organization_firewall_group_name":"organization firewall group name","organization_zone_name":"organization zone group name","vulnerability_last_changed":"2022-08-01","vulnerability_status":"Fixed","retired_since":"2022-08-01","machine_type":"machine type","managed_by":["managed by"],"management_services":["management service"],"mdm_compliance_status":"mdm compliance status","mdm_enrollment_status":"mdm enrollment status","mdm_ownership":"mdm ownership","mobility":"mobility","network_scope_list":["network scope"],"note":"note","number_of_nics":1,"os_eol_date":"2022-08-01","os_revision":"os revision","os_subcategory":"os subcategory","other_hostnames":["other hostname"],"phi":"phi","product_code":"product code","protocol_location_list":["protocol location"],"purdue_level_source":"purdue level source","purdue_level":"purdue level","recommended_firewall_group_name":"recommended firewall group name","recommended_zone_name":"recommended zone name","last_domain_user_activity":"2022-08-01","last_domain_user":"last domain user","last_scan_time":"2022-08-01","last_seen_on_switch_list":["2022-08-01"],"last_seen_reported":"2022-08-01","local_name":"local name","mac_oui_list":["Randomized Locally Administered Address"],"end_of_life_state":"","end_of_sale_date":"2022-08-01","endpoint_security_names":["CrowdStrike Falcon"],"fda_class":"OT","financial_cost":"$1,000-$10,000","handles_pii":"handles_pii","http_hostnames":["http hostname"],"http_last_seen_hostname":"http last seen hostname","hw_version":"hw version","integration_types_reported_from":["integration type"],"integrations_reported_from":["integration"],"ip_assignment_list":["Static"],"ise_authentication_method_list":["ise authentication 
method"],"ise_endpoint_profile_list":["ise endpoint profile"],"ise_identity_group_list":["ise identity group"],"ise_logical_profile_list":["ise logical profile"],"ise_security_group_description_list":["ise security group description"],"ise_security_group_name_list":["ise security group name"],"ise_security_group_tag_list":["ise security group tag"],"is_online":false,"equipment_class":"OT","edr_last_scan_time":"2022-08-01","end_of_life_date":"2022-08-01","cppm_service_list":["cppm service"],"data_sources_seen_reported_from":["81.2.69.142"],"dhcp_fingerprint":"dhcp fingerprint","dhcp_hostnames":["dhcp hostname"],"dhcp_last_seen_hostname":"dhcp last seen hostname","edge_hosts_seen_reported_from":["81.2.69.142"],"edge_locations_seen_reported_from":["81.2.69.142"],"edge_locations":["edge location"],"edr_is_up_to_date_text":"edr is up to date text","cmms_floor":"cmms_floor","cmms_last_pm":"cmms_last_pm","cmms_location":"cmms_location","cmms_manufacturer":"cmms_manufacturer","cmms_model":"cmms_model","cmms_ownership":"cmms_ownership","cmms_owning_cost_center":"cmms_owning_cost_center","cmms_room":"cmms_room","cmms_serial_number":"cmms_serial_number","cmms_state":"cmms_state","cmms_technician":"cmms_technician","collection_interfaces_seen_reported_from":["81.2.69.142"],"collection_interfaces":["81.2.69.142"],"collection_servers_seen_reported_from":["81.2.69.142"],"collection_servers":["81.2.69.142"],"connection_paths":["connection path"],"connection_type_list":["connection type"],"consequence_of_failure":"consequence of failure","cppm_authentication_status_list":["cppm authentication status"],"cmms_financial_cost":0,"cmms_asset_tag":"cmms_asset_tag","cmms_building":"cmms_building","cmms_campus":"cmms_campus","cmms_department":"cmms_department","cmms_asset_purchase_cost":0,"active_queries_seen_reported_from":["175.16.199.0"],"ad_description":"ad description","ad_distinguished_name":"ad distinguished name","ae_titles":["ae title"],"ap_location_list":["ap 
location"],"ap_name_list":["ap name"],"applied_acl_list":[],"applied_acl_type_list":["app"],"asset_id":"xsdq1","battery_level":"10","bssid_list":["00:00:00:00:00:00"],"assignees":["3rd Party SOC (Group)","Dylan Mak","Jose Alegria","Security Group (Group)"],"device_category":"OT","effective_likelihood_subscore_points":43.435616,"effective_likelihood_subscore":"Very Low","first_seen_list":["2025-01-22T22:29:10.013719+00:00"],"impact_subscore_points":75,"impact_subscore":"Critical","insecure_protocols_points":0,"insecure_protocols":"Very Low","internet_communication":"No","ip_list":["67.43.156.0"],"known_vulnerabilities_points":71.69265,"known_vulnerabilities":"High","labels":["Criticidad alta","Exposed EOL Asset","Exposed OT Asset","Linea 1","Look into this","OT Internet Klabin"],"last_seen_list":["2025-03-13T02:28:48.626542+00:00"],"likelihood_subscore_points":63.875904,"likelihood_subscore":"High","network_list":["Industrial"],"retired":false,"site_group_name":"Sample Site Group","site_name":"Sample Site","device_subcategory":"Control","uid":"25d8183d-eb78-4c73-a1d3-3eaed076a837","manufacturer":"Rockwell Automation","model":"sample","model_family":"sample_family","serial_number":"1234","risk_score_points":10,"risk_score":"Medium","domains":["Domain A"],"mac_list":["00:00:00:00:00:00"],"device_name":"Sample Device","os_category":"Unix","combined_os":"Unix","os_name":"Unix","os_version":"1.0.0","device_type":"Sample Device","authentication_user_list":["user1"],"vlan_list":["vlan1"],"vlan_name_list":["vlan name"]} {"vulnerability_info":{"published_date":"2025-05-11T01:21:05.359000Z","name":"CVE-2021-45105","cvss_v3_score":4.3,"sources":[{"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45105"}],"description":"CVE-2021-45105 - Apache Log4j2 versions 2.0-alpha1 through 2.16.0 did not protect from uncontrolled recursion from self-referential lookups when the logging configuration uses a non-default Pattern Layout with a Context Lookup. 
This could allow attackers with control over Thread Context Map (MDC) input data to craft malicious input data that contains a recursive lookup resulting in a denial of service condition."},"dhcp_hostnames":["dhcp-hostname-1"],"dhcp_last_seen_hostname":"dhcp-last-seen-hostname-1","ip_list":["89.160.20.112"],"site_name":"NY-BR-212","uid":"569400d5-ceb3-4a58-b7dd-af8a3911ed30","manufacturer":"Microsoft","model":"Windows","model_family":"Windows","serial_number":"00000000-0000-0000-0000-000000000000","risk_score_points":56.06137,"risk_score":"Medium","domains":["example.com"],"mac_list":["e4:90:69:53:df:6b"],"device_name":"89.160.20.112","os_category":"Windows","combined_os":"Windows","os_name":"Windows","os_version":"10","device_type":"Workstation","authentication_user_list":["user1"]} diff --git a/packages/claroty_xdome/data_stream/vulnerability/_dev/test/pipeline/test-vulnerability.log-expected.json b/packages/claroty_xdome/data_stream/vulnerability/_dev/test/pipeline/test-vulnerability.log-expected.json index 906e4c07bd9..2f52da1045a 100644 --- a/packages/claroty_xdome/data_stream/vulnerability/_dev/test/pipeline/test-vulnerability.log-expected.json +++ b/packages/claroty_xdome/data_stream/vulnerability/_dev/test/pipeline/test-vulnerability.log-expected.json @@ -476,7 +476,6 @@ "note": "note1", "priority_group": "vuln_priority_gp", "published_date": "2025-05-11T01:21:05.359Z", - "recommendations": "recomm", "sources": [ { "name": "NVD", 
@@ -502,7 +501,7 @@ "vulnerability" ], "kind": "state", - "original": "{\"vulnerability_last_updated\":\"2022-08-01\",\"vulnerability_info\":{\"cvss_v3_vector_string\":\"CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N\",\"cvss_v2_score\":3.2,\"cvss_v3_score\":5.4,\"epss_score\":0.00133,\"affected_devices_count\":0,\"affected_products\":\"- Windows 10 or 10 IoT - 1507, 1511, 1607, 1809, 1909, 2004, 20H2, 21H1, None\\r\\n- Windows 7 - SP1\\r\\n- Windows 8.1\\r\\n- Windows RT 8.1 \\r\\n- Windows Server 2008 R2 - SP1\\r\\n- Windows Server 2008 - SP2\\r\\n- Windows Server 2012\\r\\n- Windows Server 2012 R2\\r\\n- Windows Server 2016\\r\\n- Windows Server 2019\\r\\n- Windows Server, versions 1909, 2004, 20H2\\r\\n\\r\\nDomain controllers are affected if the print spooler service is enabled. The Authenticated Users group is nested in the Pre-Windows 2000 Compatible Access which is elevated and makes domain controllers vulnerable in default deployments.\\r\\n\\r\\n* Philips, Carestream, and GE published advisories that detail their affected devices:\\r\\n\\t* Philips - https://www.philips.com/a-w/security/security-advisories.html#security_advisories\\r\\n\\t* Carestream - https://www.carestream.com/en/us/-/media/publicsite/resources/service-and-support-publications/carestream-product-security-advsiory---print-nightmare.pdf?sc_lang=en\\r\\n\\t* GE - https://www.gehealthcare.com/en-US/security\",\"source_url\":\"https://localhost:8080/vulnerabilities/CVE-2020-26147\",\"id\":\"APZMJRV\",\"is_known_exploited\":false,\"sources\":[{\"url\":\"https://localhost:8080/vuln/detail/CVE-2020-26147\",\"name\":\"NVD\"}],\"cvss_v2_exploitability_subscore\":3.2,\"affected_ot_devices_count\":0,\"adjusted_vulnerability_score\":4.8359456,\"description\":\"CVE-2020-26147 - An issue was discovered in the Linux kernel 5.8.9. The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments even though some of them were sent in plaintext. 
This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used.\",\"affected_it_devices_count\":0,\"recommendations\":\"recomm\",\"vulnerability_type\":\"Platform\",\"cve_ids\":[\"CVE-2020-26147\"],\"name\":\"CVE-2020-26147\",\"source_name\":\"NVD\",\"published_date\":\"2025-05-11T01:21:05.359000Z\",\"cvss_v2_vector_string\":\"AV:A/AC:H/Au:N/C:P/I:P/A:N\",\"vulnerability_priority_group\":\"vuln_priority_gp\",\"cvss_v3_exploitability_subscore\":1.2,\"affected_iot_devices_count\":0,\"affected_potentially_relevant_devices_count\":0,\"vulnerability_note\":\"note1\",\"vulnerability_assignees\":[\"vuln_assignee1\"],\"exploits_count\":23,\"affected_fixed_devices_count\":0,\"affected_confirmed_devices_count\":0,\"adjusted_vulnerability_score_level\":\"Medium\",\"vulnerability_labels\":[\"vuln_lavel1\",\"vuln_ll2\"],\"affected_irrelevant_devices_count\":0},\"slot_cards\":{\"racks\":[{\"cards\":[{\"uid\":\"8d6b1ff5-774a-4b70-8c8d-bf035ef1dd54\",\"slot_number\":4,\"name\":\"card_nm\",\"card_type\":\"Network Card\",\"model\":\"MVI56E-MCM\",\"vendor\":\"ProSoft\",\"sw_version\":\"V3.007\",\"serial_number\":\"001B57F9\",\"ip\":\"67.43.156.0\",\"mac\":\"00:0d:8d:d8:74:63\"}],\"number_of_slots\":9}],\"cards_count\":9},\"snmp_hostnames\":[\"snmp hostname\"],\"snmp_last_seen_hostname\":\"snmp last seen hostname\",\"software_or_firmware_version\":\"software or firmware version\",\"ssid_list\":[\"ssid\"],\"suspicious\":[\"suspicious\"],\"switch_group_name_list\":[\"switch group name\"],\"switch_ip_list\":[\"67.43.156.0\"],\"switch_location_list\":[\"switch location\"],\"switch_mac_list\":[\"switch mac\"],\"switch_name_list\":[\"switch name\"],\"switch_port_description_list\":[\"switch port description\"],\"switch_port_list\":[\"switch port\"],\"device_type_family\":\"device type 
family\",\"visibility_score_level\":\"Fair\",\"visibility_score\":65,\"vlan_description_list\":[\"vlan description\"],\"wifi_last_seen_list\":[\"wifi last seen\"],\"windows_hostnames\":[\"windows hostname\"],\"windows_last_seen_hostname\":\"windows last seen hostname\",\"wireless_encryption_type_list\":[\"wireless encryption type\"],\"wlc_location_list\":[\"wlc location\"],\"wlc_name_list\":[\"wlc name\"],\"vulnerability_source\":\"Claroty\",\"vulnerability_relevance\":\"Confirmed\",\"avg_in_use_per_day\":12,\"avg_online_per_day\":12,\"avg_examinations_per_day\":12,\"operating_hours_pattern_name\":\"operating hours pattern name\",\"utilization_rate\":1,\"activity_rate\":1,\"organization_firewall_group_name\":\"organization firewall group name\",\"organization_zone_name\":\"organization zone group name\",\"vulnerability_last_changed\":\"2022-08-01\",\"vulnerability_status\":\"Fixed\",\"retired_since\":\"2022-08-01\",\"machine_type\":\"machine type\",\"managed_by\":[\"managed by\"],\"management_services\":[\"management service\"],\"mdm_compliance_status\":\"mdm compliance status\",\"mdm_enrollment_status\":\"mdm enrollment status\",\"mdm_ownership\":\"mdm ownership\",\"mobility\":\"mobility\",\"network_scope_list\":[\"network scope\"],\"note\":\"note\",\"number_of_nics\":1,\"os_eol_date\":\"2022-08-01\",\"os_revision\":\"os revision\",\"os_subcategory\":\"os subcategory\",\"other_hostnames\":[\"other hostname\"],\"phi\":\"phi\",\"product_code\":\"product code\",\"protocol_location_list\":[\"protocol location\"],\"purdue_level_source\":\"purdue level source\",\"purdue_level\":\"purdue level\",\"recommended_firewall_group_name\":\"recommended firewall group name\",\"recommended_zone_name\":\"recommended zone name\",\"last_domain_user_activity\":\"2022-08-01\",\"last_domain_user\":\"last domain user\",\"last_scan_time\":\"2022-08-01\",\"last_seen_on_switch_list\":[\"2022-08-01\"],\"last_seen_reported\":\"2022-08-01\",\"local_name\":\"local 
name\",\"mac_oui_list\":[\"Randomized Locally Administered Address\"],\"end_of_life_state\":\"\",\"end_of_sale_date\":\"2022-08-01\",\"endpoint_security_names\":[\"CrowdStrike Falcon\"],\"fda_class\":\"OT\",\"financial_cost\":\"$1,000-$10,000\",\"handles_pii\":\"handles_pii\",\"http_hostnames\":[\"http hostname\"],\"http_last_seen_hostname\":\"http last seen hostname\",\"hw_version\":\"hw version\",\"integration_types_reported_from\":[\"integration type\"],\"integrations_reported_from\":[\"integration\"],\"ip_assignment_list\":[\"Static\"],\"ise_authentication_method_list\":[\"ise authentication method\"],\"ise_endpoint_profile_list\":[\"ise endpoint profile\"],\"ise_identity_group_list\":[\"ise identity group\"],\"ise_logical_profile_list\":[\"ise logical profile\"],\"ise_security_group_description_list\":[\"ise security group description\"],\"ise_security_group_name_list\":[\"ise security group name\"],\"ise_security_group_tag_list\":[\"ise security group tag\"],\"is_online\":false,\"equipment_class\":\"OT\",\"edr_last_scan_time\":\"2022-08-01\",\"end_of_life_date\":\"2022-08-01\",\"cppm_service_list\":[\"cppm service\"],\"data_sources_seen_reported_from\":[\"data_source1\"],\"dhcp_fingerprint\":\"dhcp fingerprint\",\"dhcp_hostnames\":[\"dhcp hostname\"],\"dhcp_last_seen_hostname\":\"dhcp last seen hostname\",\"edge_hosts_seen_reported_from\":[\"edge_hosts1\"],\"edge_locations_seen_reported_from\":[\"edge_hosts2\"],\"edge_locations\":[\"edge location\"],\"edr_is_up_to_date_text\":\"edr is up to date 
text\",\"cmms_floor\":\"cmms_floor\",\"cmms_last_pm\":\"cmms_last_pm\",\"cmms_location\":\"cmms_location\",\"cmms_manufacturer\":\"cmms_manufacturer\",\"cmms_model\":\"cmms_model\",\"cmms_ownership\":\"cmms_ownership\",\"cmms_owning_cost_center\":\"cmms_owning_cost_center\",\"cmms_room\":\"cmms_room\",\"cmms_serial_number\":\"cmms_serial_number\",\"cmms_state\":\"cmms_state\",\"cmms_technician\":\"cmms_technician\",\"collection_interfaces_seen_reported_from\":[\"coll_intf1\"],\"collection_interfaces\":[\"coll_intf1\"],\"collection_servers_seen_reported_from\":[\"coll_intf2\"],\"collection_servers\":[\"coll_intf3\"],\"connection_paths\":[\"connection path\"],\"connection_type_list\":[\"connection type\"],\"consequence_of_failure\":\"consequence of failure\",\"cppm_authentication_status_list\":[\"cppm authentication status\"],\"cmms_financial_cost\":0,\"cmms_asset_tag\":\"cmms_asset_tag\",\"cmms_building\":\"cmms_building\",\"cmms_campus\":\"cmms_campus\",\"cmms_department\":\"cmms_department\",\"cmms_asset_purchase_cost\":0,\"active_queries_seen_reported_from\":[\"unknwown\"],\"ad_description\":\"ad description\",\"ad_distinguished_name\":\"ad distinguished name\",\"ae_titles\":[\"ae title\"],\"ap_location_list\":[\"ap location\"],\"ap_name_list\":[\"ap name\"],\"applied_acl_list\":[\"acl_lst1\"],\"applied_acl_type_list\":[\"app\"],\"asset_id\":\"xsdq1\",\"battery_level\":\"10\",\"bssid_list\":[\"00:00:00:00:00:00\"],\"assignees\":[\"3rd Party SOC (Group)\",\"Dylan Mak\",\"Jose Alegria\",\"Security Group (Group)\"],\"device_category\":\"OT\",\"effective_likelihood_subscore_points\":43.435616,\"effective_likelihood_subscore\":\"Very Low\",\"first_seen_list\":[\"2025-01-22T22:29:10.013719+00:00\"],\"impact_subscore_points\":75,\"impact_subscore\":\"Critical\",\"insecure_protocols_points\":0,\"insecure_protocols\":\"Very 
Low\",\"internet_communication\":\"No\",\"ip_list\":[\"67.43.156.0\"],\"known_vulnerabilities_points\":71.69265,\"known_vulnerabilities\":\"High\",\"labels\":[\"Criticidad alta\",\"Exposed EOL Asset\",\"Exposed OT Asset\",\"Linea 1\",\"Look into this\",\"OT Internet Klabin\"],\"last_seen_list\":[\"2025-03-13T02:28:48.626542+00:00\"],\"likelihood_subscore_points\":63.875904,\"likelihood_subscore\":\"High\",\"network_list\":[\"Industrial\"],\"retired\":false,\"site_group_name\":\"Sample Site Group\",\"site_name\":\"Sample Site\",\"device_subcategory\":\"Control\",\"uid\":\"23883ed8-5985-4fb2-a94c-11c9a9def141\",\"manufacturer\":\"Rockwell Automation\",\"model\":\"sample\",\"model_family\":\"sample_family\",\"serial_number\":\"1234\",\"risk_score_points\":10,\"risk_score\":\"Medium\",\"domains\":[\"Domain A\"],\"mac_list\":[\"00:00:00:00:00:00\"],\"device_name\":\"Sample Device\",\"os_category\":\"Unix\",\"combined_os\":\"Unix\",\"os_name\":\"Unix\",\"os_version\":\"1.0.0\",\"device_type\":\"Sample Device\",\"authentication_user_list\":[\"auth_user1\"],\"vlan_list\":[\"vlan1\"],\"vlan_name_list\":[\"vlan name\"]}", + "original": "{\"vulnerability_last_updated\":\"2022-08-01\",\"vulnerability_info\":{\"cvss_v3_vector_string\":\"CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N\",\"cvss_v2_score\":3.2,\"cvss_v3_score\":5.4,\"epss_score\":0.00133,\"affected_devices_count\":0,\"affected_products\":\"- Windows 10 or 10 IoT - 1507, 1511, 1607, 1809, 1909, 2004, 20H2, 21H1, None\\r\\n- Windows 7 - SP1\\r\\n- Windows 8.1\\r\\n- Windows RT 8.1 \\r\\n- Windows Server 2008 R2 - SP1\\r\\n- Windows Server 2008 - SP2\\r\\n- Windows Server 2012\\r\\n- Windows Server 2012 R2\\r\\n- Windows Server 2016\\r\\n- Windows Server 2019\\r\\n- Windows Server, versions 1909, 2004, 20H2\\r\\n\\r\\nDomain controllers are affected if the print spooler service is enabled. 
The Authenticated Users group is nested in the Pre-Windows 2000 Compatible Access which is elevated and makes domain controllers vulnerable in default deployments.\\r\\n\\r\\n* Philips, Carestream, and GE published advisories that detail their affected devices:\\r\\n\\t* Philips - https://www.philips.com/a-w/security/security-advisories.html#security_advisories\\r\\n\\t* Carestream - https://www.carestream.com/en/us/-/media/publicsite/resources/service-and-support-publications/carestream-product-security-advsiory---print-nightmare.pdf?sc_lang=en\\r\\n\\t* GE - https://www.gehealthcare.com/en-US/security\",\"source_url\":\"https://localhost:8080/vulnerabilities/CVE-2020-26147\",\"id\":\"APZMJRV\",\"is_known_exploited\":false,\"sources\":[{\"url\":\"https://localhost:8080/vuln/detail/CVE-2020-26147\",\"name\":\"NVD\"}],\"cvss_v2_exploitability_subscore\":3.2,\"affected_ot_devices_count\":0,\"adjusted_vulnerability_score\":4.8359456,\"description\":\"CVE-2020-26147 - An issue was discovered in the Linux kernel 5.8.9. The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments even though some of them were sent in plaintext. 
This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used.\",\"affected_it_devices_count\":0,\"vulnerability_type\":\"Platform\",\"cve_ids\":[\"CVE-2020-26147\"],\"name\":\"CVE-2020-26147\",\"source_name\":\"NVD\",\"published_date\":\"2025-05-11T01:21:05.359000Z\",\"cvss_v2_vector_string\":\"AV:A/AC:H/Au:N/C:P/I:P/A:N\",\"vulnerability_priority_group\":\"vuln_priority_gp\",\"cvss_v3_exploitability_subscore\":1.2,\"affected_iot_devices_count\":0,\"affected_potentially_relevant_devices_count\":0,\"vulnerability_note\":\"note1\",\"vulnerability_assignees\":[\"vuln_assignee1\"],\"exploits_count\":23,\"affected_fixed_devices_count\":0,\"affected_confirmed_devices_count\":0,\"adjusted_vulnerability_score_level\":\"Medium\",\"vulnerability_labels\":[\"vuln_lavel1\",\"vuln_ll2\"],\"affected_irrelevant_devices_count\":0},\"slot_cards\":{\"racks\":[{\"cards\":[{\"uid\":\"8d6b1ff5-774a-4b70-8c8d-bf035ef1dd54\",\"slot_number\":4,\"name\":\"card_nm\",\"card_type\":\"Network Card\",\"model\":\"MVI56E-MCM\",\"vendor\":\"ProSoft\",\"sw_version\":\"V3.007\",\"serial_number\":\"001B57F9\",\"ip\":\"67.43.156.0\",\"mac\":\"00:0d:8d:d8:74:63\"}],\"number_of_slots\":9}],\"cards_count\":9},\"snmp_hostnames\":[\"snmp hostname\"],\"snmp_last_seen_hostname\":\"snmp last seen hostname\",\"software_or_firmware_version\":\"software or firmware version\",\"ssid_list\":[\"ssid\"],\"suspicious\":[\"suspicious\"],\"switch_group_name_list\":[\"switch group name\"],\"switch_ip_list\":[\"67.43.156.0\"],\"switch_location_list\":[\"switch location\"],\"switch_mac_list\":[\"switch mac\"],\"switch_name_list\":[\"switch name\"],\"switch_port_description_list\":[\"switch port description\"],\"switch_port_list\":[\"switch port\"],\"device_type_family\":\"device type family\",\"visibility_score_level\":\"Fair\",\"visibility_score\":65,\"vlan_description_list\":[\"vlan 
description\"],\"wifi_last_seen_list\":[\"wifi last seen\"],\"windows_hostnames\":[\"windows hostname\"],\"windows_last_seen_hostname\":\"windows last seen hostname\",\"wireless_encryption_type_list\":[\"wireless encryption type\"],\"wlc_location_list\":[\"wlc location\"],\"wlc_name_list\":[\"wlc name\"],\"vulnerability_source\":\"Claroty\",\"vulnerability_relevance\":\"Confirmed\",\"avg_in_use_per_day\":12,\"avg_online_per_day\":12,\"avg_examinations_per_day\":12,\"operating_hours_pattern_name\":\"operating hours pattern name\",\"utilization_rate\":1,\"activity_rate\":1,\"organization_firewall_group_name\":\"organization firewall group name\",\"organization_zone_name\":\"organization zone group name\",\"vulnerability_last_changed\":\"2022-08-01\",\"vulnerability_status\":\"Fixed\",\"retired_since\":\"2022-08-01\",\"machine_type\":\"machine type\",\"managed_by\":[\"managed by\"],\"management_services\":[\"management service\"],\"mdm_compliance_status\":\"mdm compliance status\",\"mdm_enrollment_status\":\"mdm enrollment status\",\"mdm_ownership\":\"mdm ownership\",\"mobility\":\"mobility\",\"network_scope_list\":[\"network scope\"],\"note\":\"note\",\"number_of_nics\":1,\"os_eol_date\":\"2022-08-01\",\"os_revision\":\"os revision\",\"os_subcategory\":\"os subcategory\",\"other_hostnames\":[\"other hostname\"],\"phi\":\"phi\",\"product_code\":\"product code\",\"protocol_location_list\":[\"protocol location\"],\"purdue_level_source\":\"purdue level source\",\"purdue_level\":\"purdue level\",\"recommended_firewall_group_name\":\"recommended firewall group name\",\"recommended_zone_name\":\"recommended zone name\",\"last_domain_user_activity\":\"2022-08-01\",\"last_domain_user\":\"last domain user\",\"last_scan_time\":\"2022-08-01\",\"last_seen_on_switch_list\":[\"2022-08-01\"],\"last_seen_reported\":\"2022-08-01\",\"local_name\":\"local name\",\"mac_oui_list\":[\"Randomized Locally Administered 
Address\"],\"end_of_life_state\":\"\",\"end_of_sale_date\":\"2022-08-01\",\"endpoint_security_names\":[\"CrowdStrike Falcon\"],\"fda_class\":\"OT\",\"financial_cost\":\"$1,000-$10,000\",\"handles_pii\":\"handles_pii\",\"http_hostnames\":[\"http hostname\"],\"http_last_seen_hostname\":\"http last seen hostname\",\"hw_version\":\"hw version\",\"integration_types_reported_from\":[\"integration type\"],\"integrations_reported_from\":[\"integration\"],\"ip_assignment_list\":[\"Static\"],\"ise_authentication_method_list\":[\"ise authentication method\"],\"ise_endpoint_profile_list\":[\"ise endpoint profile\"],\"ise_identity_group_list\":[\"ise identity group\"],\"ise_logical_profile_list\":[\"ise logical profile\"],\"ise_security_group_description_list\":[\"ise security group description\"],\"ise_security_group_name_list\":[\"ise security group name\"],\"ise_security_group_tag_list\":[\"ise security group tag\"],\"is_online\":false,\"equipment_class\":\"OT\",\"edr_last_scan_time\":\"2022-08-01\",\"end_of_life_date\":\"2022-08-01\",\"cppm_service_list\":[\"cppm service\"],\"data_sources_seen_reported_from\":[\"data_source1\"],\"dhcp_fingerprint\":\"dhcp fingerprint\",\"dhcp_hostnames\":[\"dhcp hostname\"],\"dhcp_last_seen_hostname\":\"dhcp last seen hostname\",\"edge_hosts_seen_reported_from\":[\"edge_hosts1\"],\"edge_locations_seen_reported_from\":[\"edge_hosts2\"],\"edge_locations\":[\"edge location\"],\"edr_is_up_to_date_text\":\"edr is up to date 
text\",\"cmms_floor\":\"cmms_floor\",\"cmms_last_pm\":\"cmms_last_pm\",\"cmms_location\":\"cmms_location\",\"cmms_manufacturer\":\"cmms_manufacturer\",\"cmms_model\":\"cmms_model\",\"cmms_ownership\":\"cmms_ownership\",\"cmms_owning_cost_center\":\"cmms_owning_cost_center\",\"cmms_room\":\"cmms_room\",\"cmms_serial_number\":\"cmms_serial_number\",\"cmms_state\":\"cmms_state\",\"cmms_technician\":\"cmms_technician\",\"collection_interfaces_seen_reported_from\":[\"coll_intf1\"],\"collection_interfaces\":[\"coll_intf1\"],\"collection_servers_seen_reported_from\":[\"coll_intf2\"],\"collection_servers\":[\"coll_intf3\"],\"connection_paths\":[\"connection path\"],\"connection_type_list\":[\"connection type\"],\"consequence_of_failure\":\"consequence of failure\",\"cppm_authentication_status_list\":[\"cppm authentication status\"],\"cmms_financial_cost\":0,\"cmms_asset_tag\":\"cmms_asset_tag\",\"cmms_building\":\"cmms_building\",\"cmms_campus\":\"cmms_campus\",\"cmms_department\":\"cmms_department\",\"cmms_asset_purchase_cost\":0,\"active_queries_seen_reported_from\":[\"unknwown\"],\"ad_description\":\"ad description\",\"ad_distinguished_name\":\"ad distinguished name\",\"ae_titles\":[\"ae title\"],\"ap_location_list\":[\"ap location\"],\"ap_name_list\":[\"ap name\"],\"applied_acl_list\":[\"acl_lst1\"],\"applied_acl_type_list\":[\"app\"],\"asset_id\":\"xsdq1\",\"battery_level\":\"10\",\"bssid_list\":[\"00:00:00:00:00:00\"],\"assignees\":[\"3rd Party SOC (Group)\",\"Dylan Mak\",\"Jose Alegria\",\"Security Group (Group)\"],\"device_category\":\"OT\",\"effective_likelihood_subscore_points\":43.435616,\"effective_likelihood_subscore\":\"Very Low\",\"first_seen_list\":[\"2025-01-22T22:29:10.013719+00:00\"],\"impact_subscore_points\":75,\"impact_subscore\":\"Critical\",\"insecure_protocols_points\":0,\"insecure_protocols\":\"Very 
Low\",\"internet_communication\":\"No\",\"ip_list\":[\"67.43.156.0\"],\"known_vulnerabilities_points\":71.69265,\"known_vulnerabilities\":\"High\",\"labels\":[\"Criticidad alta\",\"Exposed EOL Asset\",\"Exposed OT Asset\",\"Linea 1\",\"Look into this\",\"OT Internet Klabin\"],\"last_seen_list\":[\"2025-03-13T02:28:48.626542+00:00\"],\"likelihood_subscore_points\":63.875904,\"likelihood_subscore\":\"High\",\"network_list\":[\"Industrial\"],\"retired\":false,\"site_group_name\":\"Sample Site Group\",\"site_name\":\"Sample Site\",\"device_subcategory\":\"Control\",\"uid\":\"23883ed8-5985-4fb2-a94c-11c9a9def141\",\"manufacturer\":\"Rockwell Automation\",\"model\":\"sample\",\"model_family\":\"sample_family\",\"serial_number\":\"1234\",\"risk_score_points\":10,\"risk_score\":\"Medium\",\"domains\":[\"Domain A\"],\"mac_list\":[\"00:00:00:00:00:00\"],\"device_name\":\"Sample Device\",\"os_category\":\"Unix\",\"combined_os\":\"Unix\",\"os_name\":\"Unix\",\"os_version\":\"1.0.0\",\"device_type\":\"Sample Device\",\"authentication_user_list\":[\"auth_user1\"],\"vlan_list\":[\"vlan1\"],\"vlan_name_list\":[\"vlan name\"]}", "risk_score": 10.0, "severity": 47, "type": [ 
@@ -868,7 +867,7 @@ "vulnerability" ], "kind": "state", - "original": "{\"active_queries_seen_reported_from\":[],\"activity_rate\":52,\"ad_description\":null,\"ad_distinguished_name\":null,\"ae_titles\":[],\"ap_location_list\":[null],\"ap_name_list\":[null],\"applied_acl_list\":[null],\"applied_acl_type_list\":[null],\"asset_id\":\"DLUPOQD\",\"assignees\":[\"3rd Party SOC (Group)\",\"Ben Jackman\"],\"assignees_data\":[{\"display_name\":\"Ben Jackman\",\"id\":\"ben.jackman\",\"is_active\":true,\"type\":\"user\"},{\"display_name\":\"3rd Party SOC\",\"id\":37,\"type\":\"group\"}],\"authentication_user_list\":[null],\"avg_examinations_per_day\":null,\"avg_in_use_per_day\":null,\"avg_online_per_day\":12.4,\"battery_level\":null,\"bssid_list\":[null],\"cmms_asset_tag\":null,\"cmms_financial_cost\":null,\"collection_interfaces_seen_reported_from\":[\"ens142@demo-collection-columbia\",\"ens178@demo-collection-clinton\",\"ens192@demo-collection-columbia\"],\"collection_servers_seen_reported_from\":[\"demo-collection-clinton\",\"demo-collection-columbia\"],\"combined_os\":\"Windows 10 1607\",\"connection_paths\":[],\"connection_type_list\":[\"Ethernet\"],\"consequence_of_failure\":null,\"cppm_authentication_status_list\":[null],\"cppm_service_list\":[null],\"data_sources_seen_reported_from\":[\"Passive Collection\",\"Edge Scan\",\"Integration\"],\"device_category\":\"OT\",\"device_name\":\"DESKTOP-UOCGAB\",\"device_subcategory\":\"Operation\",\"device_type\":\"Engineering Station\",\"device_type_family\":\"Engineering Station\",\"dhcp_fingerprint\":null,\"dhcp_hostnames\":[],\"dhcp_last_seen_hostname\":null,\"domains\":[],\"edge_hosts_seen_reported_from\":[\"dcf4011c53fa (old Edge ID)\",\"dcf4013fc620 (old Edge ID)\"],\"edge_locations_seen_reported_from\":[\"Plant-3\",\"Plant-1\"],\"edr_is_up_to_date_text\":null,\"edr_last_scan_time\":null,\"effective_likelihood_subscore\":\"Very 
Low\",\"effective_likelihood_subscore_points\":20.12401,\"end_of_life_date\":null,\"end_of_life_state\":null,\"end_of_sale_date\":null,\"endpoint_security_names\":[],\"equipment_class\":null,\"fda_class\":null,\"financial_cost\":\"Unknown\",\"first_seen_list\":[\"2025-02-03T01:20:31.035291+00:00\"],\"handles_pii\":null,\"http_hostnames\":[],\"http_last_seen_hostname\":null,\"hw_version\":null,\"impact_subscore\":\"Critical\",\"impact_subscore_points\":100,\"insecure_protocols\":\"Medium\",\"insecure_protocols_points\":40,\"integration_types_reported_from\":[\"Rapid7\"],\"integrations_reported_from\":[\"Rapid7 (Rapid7)\"],\"internet_communication\":\"No\",\"ip_assignment_list\":[\"Static\"],\"ip_list\":[\"216.160.83.56\"],\"is_online\":true,\"ise_authentication_method_list\":[null],\"ise_endpoint_profile_list\":[null],\"ise_identity_group_list\":[null],\"ise_logical_profile_list\":[null],\"ise_security_group_description_list\":[null],\"ise_security_group_name_list\":[null],\"ise_security_group_tag_list\":[null],\"known_vulnerabilities\":\"Critical\",\"known_vulnerabilities_points\":100,\"labels\":[\"criticality\",\"Exposed OT & Critical Vulnerabilities\",\"Exposed OT Assets\",\"OT Internet Klabin\",\"Unsupported_OS\",\"Urgent\",\"xSA Managed Devices\"],\"last_domain_user\":null,\"last_domain_user_activity\":null,\"last_scan_time\":\"2025-01-15T09:55:30.094042+00:00\",\"last_seen_list\":[\"2025-03-26T02:58:09.298201+00:00\"],\"last_seen_on_switch_list\":[\"2025-03-09T09:42:00.035327+00:00\"],\"last_seen_reported\":\"2025-03-27T02:57:44.802361+00:00\",\"likelihood_subscore\":\"Critical\",\"likelihood_subscore_points\":71.87147,\"local_name\":null,\"mac_list\":[\"dc:f4:01:3f:c6:20\"],\"mac_oui_list\":[\"Dell Inc.\"],\"machine_type\":\"Physical\",\"managed_by\":[],\"manufacturer\":\"Dell\",\"mdm_compliance_status\":null,\"mdm_enrollment_status\":null,\"mdm_ownership\":null,\"mobility\":null,\"model\":\"OptiPlex 
7010\",\"model_family\":null,\"network_list\":[\"Industrial\"],\"network_scope_list\":[\"Default\"],\"note\":null,\"number_of_nics\":1,\"organization_firewall_group_name\":\"No Zone\",\"os_category\":\"Windows\",\"os_eol_date\":\"2019-04-09T00:00:00+00:00\",\"os_name\":\"Windows\",\"os_revision\":\"1607\",\"os_subcategory\":\"Windows 10 & Equivalent\",\"os_version\":\"10\",\"other_hostnames\":[\"DESKTOP-UOCGAB\"],\"phi\":null,\"product_code\":null,\"protocol_location_list\":[null],\"purdue_level\":\"Level 2\",\"purdue_level_source\":\"Auto-Assigned\",\"recommended_firewall_group_name\":\"Industrial Workstations\",\"retired\":false,\"retired_since\":null,\"risk_score\":\"Medium\",\"risk_score_points\":52.074406,\"serial_number\":null,\"site_group_name\":\"No Group\",\"site_name\":\"Columbia\",\"slot_cards\":null,\"snmp_hostnames\":[],\"snmp_last_seen_hostname\":null,\"software_or_firmware_version\":null,\"ssid_list\":[null],\"suspicious\":[],\"switch_group_name_list\":[null],\"switch_ip_list\":[null],\"switch_location_list\":[\"dep PUcBj\"],\"switch_mac_list\":[\"00:11:20:db:06:13\"],\"switch_port_description_list\":[null],\"switch_port_list\":[\"Fa/0/7\"],\"uid\":\"ea50eaa8-0fef-4ec2-9076-48bb98e85a4b\",\"utilization_rate\":0,\"visibility_score\":98,\"visibility_score_level\":\"Excellent\",\"vlan_description_list\":[\"VLAN 125\"],\"vlan_list\":[125],\"vlan_name_list\":[\"VLAN 
125\"],\"vulnerability_info\":{\"adjusted_vulnerability_score\":8.887692,\"adjusted_vulnerability_score_level\":\"High\",\"affected_confirmed_devices_count\":102,\"affected_devices_count\":345,\"affected_fixed_devices_count\":0,\"affected_iot_devices_count\":39,\"affected_irrelevant_devices_count\":0,\"affected_it_devices_count\":102,\"affected_ot_devices_count\":204,\"affected_potentially_relevant_devices_count\":243,\"affected_products\":null,\"cve_ids\":[\"CVE-2025-21418\"],\"cvss_v2_exploitability_subscore\":null,\"cvss_v2_score\":null,\"cvss_v2_vector_string\":null,\"cvss_v3_exploitability_subscore\":1.8,\"cvss_v3_score\":7.8,\"cvss_v3_vector_string\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"description\":\"CVE-2025-21418 - Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability\",\"epss_score\":0.00051,\"exploits_count\":null,\"id\":\"ALCWSJJU\",\"is_known_exploited\":true,\"name\":\"CVE-2025-21418\",\"published_date\":\"2025-02-11T00:00:00Z\",\"recommendations\":null,\"source_name\":\"Microsoft\",\"source_url\":\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21418\",\"sources\":[{\"name\":\"Microsoft\",\"url\":\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21418\"}],\"vulnerability_assignees\":[],\"vulnerability_labels\":[],\"vulnerability_note\":null,\"vulnerability_priority_group\":\"Priority Group 4\",\"vulnerability_type\":\"Platform\"},\"vulnerability_is_user_verdict\":false,\"vulnerability_last_updated\":\"2025-03-26T03:11:46.061472+00:00\",\"vulnerability_relevance\":\"Potentially Relevant\",\"vulnerability_source\":\"Claroty\",\"vulnerability_system_relevance\":\"Potentially Relevant\",\"wifi_last_seen_list\":[null],\"windows_hostnames\":[],\"windows_last_seen_hostname\":null,\"wireless_encryption_type_list\":[null],\"wlc_location_list\":[null],\"wlc_name_list\":[null]}", + "original": 
"{\"active_queries_seen_reported_from\":[],\"activity_rate\":52,\"ad_description\":null,\"ad_distinguished_name\":null,\"ae_titles\":[],\"ap_location_list\":[null],\"ap_name_list\":[null],\"applied_acl_list\":[null],\"applied_acl_type_list\":[null],\"asset_id\":\"DLUPOQD\",\"assignees\":[\"3rd Party SOC (Group)\",\"Ben Jackman\"],\"assignees_data\":[{\"display_name\":\"Ben Jackman\",\"id\":\"ben.jackman\",\"is_active\":true,\"type\":\"user\"},{\"display_name\":\"3rd Party SOC\",\"id\":37,\"type\":\"group\"}],\"authentication_user_list\":[null],\"avg_examinations_per_day\":null,\"avg_in_use_per_day\":null,\"avg_online_per_day\":12.4,\"battery_level\":null,\"bssid_list\":[null],\"cmms_asset_tag\":null,\"cmms_financial_cost\":null,\"collection_interfaces_seen_reported_from\":[\"ens142@demo-collection-columbia\",\"ens178@demo-collection-clinton\",\"ens192@demo-collection-columbia\"],\"collection_servers_seen_reported_from\":[\"demo-collection-clinton\",\"demo-collection-columbia\"],\"combined_os\":\"Windows 10 1607\",\"connection_paths\":[],\"connection_type_list\":[\"Ethernet\"],\"consequence_of_failure\":null,\"cppm_authentication_status_list\":[null],\"cppm_service_list\":[null],\"data_sources_seen_reported_from\":[\"Passive Collection\",\"Edge Scan\",\"Integration\"],\"device_category\":\"OT\",\"device_name\":\"DESKTOP-UOCGAB\",\"device_subcategory\":\"Operation\",\"device_type\":\"Engineering Station\",\"device_type_family\":\"Engineering Station\",\"dhcp_fingerprint\":null,\"dhcp_hostnames\":[],\"dhcp_last_seen_hostname\":null,\"domains\":[],\"edge_hosts_seen_reported_from\":[\"dcf4011c53fa (old Edge ID)\",\"dcf4013fc620 (old Edge ID)\"],\"edge_locations_seen_reported_from\":[\"Plant-3\",\"Plant-1\"],\"edr_is_up_to_date_text\":null,\"edr_last_scan_time\":null,\"effective_likelihood_subscore\":\"Very 
Low\",\"effective_likelihood_subscore_points\":20.12401,\"end_of_life_date\":null,\"end_of_life_state\":null,\"end_of_sale_date\":null,\"endpoint_security_names\":[],\"equipment_class\":null,\"fda_class\":null,\"financial_cost\":\"Unknown\",\"first_seen_list\":[\"2025-02-03T01:20:31.035291+00:00\"],\"handles_pii\":null,\"http_hostnames\":[],\"http_last_seen_hostname\":null,\"hw_version\":null,\"impact_subscore\":\"Critical\",\"impact_subscore_points\":100,\"insecure_protocols\":\"Medium\",\"insecure_protocols_points\":40,\"integration_types_reported_from\":[\"Rapid7\"],\"integrations_reported_from\":[\"Rapid7 (Rapid7)\"],\"internet_communication\":\"No\",\"ip_assignment_list\":[\"Static\"],\"ip_list\":[\"216.160.83.56\"],\"is_online\":true,\"ise_authentication_method_list\":[null],\"ise_endpoint_profile_list\":[null],\"ise_identity_group_list\":[null],\"ise_logical_profile_list\":[null],\"ise_security_group_description_list\":[null],\"ise_security_group_name_list\":[null],\"ise_security_group_tag_list\":[null],\"known_vulnerabilities\":\"Critical\",\"known_vulnerabilities_points\":100,\"labels\":[\"criticality\",\"Exposed OT & Critical Vulnerabilities\",\"Exposed OT Assets\",\"OT Internet Klabin\",\"Unsupported_OS\",\"Urgent\",\"xSA Managed Devices\"],\"last_domain_user\":null,\"last_domain_user_activity\":null,\"last_scan_time\":\"2025-01-15T09:55:30.094042+00:00\",\"last_seen_list\":[\"2025-03-26T02:58:09.298201+00:00\"],\"last_seen_on_switch_list\":[\"2025-03-09T09:42:00.035327+00:00\"],\"last_seen_reported\":\"2025-03-27T02:57:44.802361+00:00\",\"likelihood_subscore\":\"Critical\",\"likelihood_subscore_points\":71.87147,\"local_name\":null,\"mac_list\":[\"dc:f4:01:3f:c6:20\"],\"mac_oui_list\":[\"Dell Inc.\"],\"machine_type\":\"Physical\",\"managed_by\":[],\"manufacturer\":\"Dell\",\"mdm_compliance_status\":null,\"mdm_enrollment_status\":null,\"mdm_ownership\":null,\"mobility\":null,\"model\":\"OptiPlex 
7010\",\"model_family\":null,\"network_list\":[\"Industrial\"],\"network_scope_list\":[\"Default\"],\"note\":null,\"number_of_nics\":1,\"organization_firewall_group_name\":\"No Zone\",\"os_category\":\"Windows\",\"os_eol_date\":\"2019-04-09T00:00:00+00:00\",\"os_name\":\"Windows\",\"os_revision\":\"1607\",\"os_subcategory\":\"Windows 10 & Equivalent\",\"os_version\":\"10\",\"other_hostnames\":[\"DESKTOP-UOCGAB\"],\"phi\":null,\"product_code\":null,\"protocol_location_list\":[null],\"purdue_level\":\"Level 2\",\"purdue_level_source\":\"Auto-Assigned\",\"recommended_firewall_group_name\":\"Industrial Workstations\",\"retired\":false,\"retired_since\":null,\"risk_score\":\"Medium\",\"risk_score_points\":52.074406,\"serial_number\":null,\"site_group_name\":\"No Group\",\"site_name\":\"Columbia\",\"slot_cards\":null,\"snmp_hostnames\":[],\"snmp_last_seen_hostname\":null,\"software_or_firmware_version\":null,\"ssid_list\":[null],\"suspicious\":[],\"switch_group_name_list\":[null],\"switch_ip_list\":[null],\"switch_location_list\":[\"dep PUcBj\"],\"switch_mac_list\":[\"00:11:20:db:06:13\"],\"switch_port_description_list\":[null],\"switch_port_list\":[\"Fa/0/7\"],\"uid\":\"ea50eaa8-0fef-4ec2-9076-48bb98e85a4b\",\"utilization_rate\":0,\"visibility_score\":98,\"visibility_score_level\":\"Excellent\",\"vlan_description_list\":[\"VLAN 125\"],\"vlan_list\":[125],\"vlan_name_list\":[\"VLAN 
125\"],\"vulnerability_info\":{\"adjusted_vulnerability_score\":8.887692,\"adjusted_vulnerability_score_level\":\"High\",\"affected_confirmed_devices_count\":102,\"affected_devices_count\":345,\"affected_fixed_devices_count\":0,\"affected_iot_devices_count\":39,\"affected_irrelevant_devices_count\":0,\"affected_it_devices_count\":102,\"affected_ot_devices_count\":204,\"affected_potentially_relevant_devices_count\":243,\"affected_products\":null,\"cve_ids\":[\"CVE-2025-21418\"],\"cvss_v2_exploitability_subscore\":null,\"cvss_v2_score\":null,\"cvss_v2_vector_string\":null,\"cvss_v3_exploitability_subscore\":1.8,\"cvss_v3_score\":7.8,\"cvss_v3_vector_string\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"description\":\"CVE-2025-21418 - Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability\",\"epss_score\":0.00051,\"exploits_count\":null,\"id\":\"ALCWSJJU\",\"is_known_exploited\":true,\"name\":\"CVE-2025-21418\",\"published_date\":\"2025-02-11T00:00:00Z\",\"source_name\":\"Microsoft\",\"source_url\":\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21418\",\"sources\":[{\"name\":\"Microsoft\",\"url\":\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21418\"}],\"vulnerability_assignees\":[],\"vulnerability_labels\":[],\"vulnerability_note\":null,\"vulnerability_priority_group\":\"Priority Group 4\",\"vulnerability_type\":\"Platform\"},\"vulnerability_is_user_verdict\":false,\"vulnerability_last_updated\":\"2025-03-26T03:11:46.061472+00:00\",\"vulnerability_relevance\":\"Potentially Relevant\",\"vulnerability_source\":\"Claroty\",\"vulnerability_system_relevance\":\"Potentially Relevant\",\"wifi_last_seen_list\":[null],\"windows_hostnames\":[],\"windows_last_seen_hostname\":null,\"wireless_encryption_type_list\":[null],\"wlc_location_list\":[null],\"wlc_name_list\":[null]}", "risk_score": 52.074406, "severity": 47, "type": [ 
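Review bot: The rewritten `original` string in this hunk still carries what look like a real person's name and account id, `\"display_name\":\"Ben Jackman\",\"id\":\"ben.jackman\"` under `assignees_data`, and a label that appears to name an organisation, `\"OT Internet Klabin\"`. The preceding hunk's fixture has the same label, plus `\"Dylan Mak\"` and `\"Jose Alegria\"` in `assignees`. The IP addresses in these events appear to have been replaced with test values already, so identities should get the same treatment, for example `\"display_name\":\"Example User\",\"id\":\"example.user\"` and `\"OT Internet Example\"`. This file looks like generated expected output, so the edit presumably belongs in the input sample, with this file regenerated afterwards. The enclosing JSON object starts and ends outside the hunk.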
@@ -1508,7 +1507,7 @@ "vulnerability" ], "kind": "state", - "original": "{\"vulnerability_last_updated\":\"2022-08-01\",\"vulnerability_info\":{\"affected_medical_devices_count\":10,\"cvss_v3_vector_string\":\"CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N\",\"cvss_v2_score\":3.2,\"cvss_v3_score\":5.4,\"epss_score\":0.00133,\"affected_devices_count\":0,\"affected_products\":null,\"source_url\":\"https://localhost:8080/vulnerabilities/CVE-2020-26147\",\"id\":\"APZMJRV\",\"is_known_exploited\":false,\"sources\":[{\"url\":\"https://localhost:8080/vuln/detail/CVE-2020-26147\",\"name\":\"NVD\"}],\"cvss_v2_exploitability_subscore\":3.2,\"affected_ot_devices_count\":0,\"adjusted_vulnerability_score\":4.8359456,\"description\":\"CVE-2020-26147 - An issue was discovered in the Linux kernel 5.8.9. The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments even though some of them were sent in plaintext. This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is 
used.\",\"affected_it_devices_count\":0,\"recommendations\":null,\"vulnerability_type\":\"Platform\",\"cve_ids\":[\"CVE-2020-26147\"],\"name\":\"CVE-2020-26147\",\"source_name\":\"NVD\",\"published_date\":\"2025-05-11T01:21:05.359000Z\",\"cvss_v2_vector_string\":\"AV:A/AC:H/Au:N/C:P/I:P/A:N\",\"vulnerability_priority_group\":null,\"cvss_v3_exploitability_subscore\":1.2,\"affected_iot_devices_count\":0,\"affected_potentially_relevant_devices_count\":0,\"vulnerability_note\":null,\"vulnerability_assignees\":[],\"exploits_count\":null,\"affected_fixed_devices_count\":0,\"affected_confirmed_devices_count\":0,\"adjusted_vulnerability_score_level\":\"Medium\",\"vulnerability_labels\":[],\"affected_irrelevant_devices_count\":0},\"slot_cards\":{\"racks\":[{\"cards\":[{\"uid\":\"3b6c4639-3743-4362-b38a-d1edcde189b1\",\"slot_number\":0,\"name\":null,\"card_type\":\"CPU\",\"model\":\"1756-L7SP/B LOGIXSAFETY\",\"vendor\":\"Rockwell Automation\",\"sw_version\":\"V24.012\",\"serial_number\":\"00172DC0\"},{\"uid\":\"f1495b05-2262-4726-b604-aff5034d4e0f\",\"slot_number\":1,\"name\":null,\"card_type\":\"I/O\",\"model\":\"1756-OB16E/A DCOUT EFUSE\",\"vendor\":\"Rockwell Automation\",\"sw_version\":\"V3.003\",\"serial_number\":\"000F75F0\"},{\"uid\":\"6ec98e76-9a29-4f9c-b259-d000f3009e02\",\"slot_number\":2,\"name\":null,\"card_type\":\"CPU\",\"model\":\"1756-L73S/B LOGIX5573 SAFETY\",\"vendor\":\"Rockwell Automation\",\"sw_version\":\"V32.011\",\"serial_number\":\"00140557\"},{\"uid\":\"954e50eb-3c06-4208-b837-52a93a079a52\",\"slot_number\":3,\"name\":null,\"card_type\":\"I/O\",\"model\":\"1756-IB32/B DCIN\",\"vendor\":\"Rockwell Automation\",\"sw_version\":\"V3.005\",\"serial_number\":\"001D1DF9\"},{\"uid\":\"8d6b1ff5-774a-4b70-8c8d-bf035ef1dd54\",\"slot_number\":4,\"name\":null,\"card_type\":\"Network 
Card\",\"model\":\"MVI56E-MCM\",\"vendor\":\"ProSoft\",\"sw_version\":\"V3.007\",\"serial_number\":\"001B57F9\",\"ip\":\"67.43.156.0\",\"mac\":\"00:0d:8d:d8:74:63\"},{\"uid\":\"a31ea446-580e-4b3d-8923-3661bf28d429\",\"slot_number\":5,\"name\":null,\"card_type\":\"I/O\",\"model\":\"1756-IF16/A\",\"vendor\":\"Rockwell Automation\",\"sw_version\":\"V1.005\",\"serial_number\":\"0016F448\"},{\"uid\":\"63131aa8-d0f1-45a0-832b-fc397639b7e4\",\"slot_number\":6,\"name\":null,\"card_type\":\"I/O\",\"model\":\"1746-IB16 16-Input (SINK) 24 VDC\",\"vendor\":\"Rockwell Automation\",\"sw_version\":null,\"serial_number\":\"001D0134\"},{\"uid\":\"96430c94-4782-4f12-9e00-c97383897f0c\",\"slot_number\":7,\"name\":null,\"card_type\":\"Network Card\",\"model\":\"1756-EN2T/D\",\"vendor\":\"Rockwell Automation\",\"sw_version\":\"V11.002\",\"serial_number\":\"0019410D\",\"ip\":\"81.2.69.142\",\"mac\":\"40:41:01:fe:ad:41\"},{\"uid\":\"e2444831-3b05-4467-aeac-7deb87b717a7\",\"slot_number\":8,\"name\":null,\"card_type\":\"I/O\",\"model\":\"1746-IA16 16-Input 100/120 VAC\",\"vendor\":\"Rockwell Automation\",\"sw_version\":\"V3.005\",\"serial_number\":\"001252EE\"}],\"number_of_slots\":9}],\"cards_count\":9},\"snmp_hostnames\":[\"snmp hostname\"],\"snmp_last_seen_hostname\":\"snmp last seen hostname\",\"software_or_firmware_version\":\"software or firmware version\",\"ssid_list\":[\"ssid\"],\"suspicious\":[\"suspicious\"],\"switch_group_name_list\":[\"switch group name\"],\"switch_ip_list\":[\"81.2.69.142\"],\"switch_location_list\":[\"switch location\"],\"switch_mac_list\":[\"switch mac\"],\"switch_name_list\":[\"switch name\"],\"switch_port_description_list\":[\"switch port description\"],\"switch_port_list\":[\"switch port\"],\"device_type_family\":\"device type family\",\"visibility_score_level\":\"Fair\",\"visibility_score\":65,\"vlan_description_list\":[\"vlan description\"],\"wifi_last_seen_list\":[\"2222-01-22T22:29:10.013719+00:00\"],\"windows_hostnames\":[\"windows 
hostname\"],\"windows_last_seen_hostname\":\"windows last seen hostname\",\"wireless_encryption_type_list\":[\"wireless encryption type\"],\"wlc_location_list\":[\"wlc location\"],\"wlc_name_list\":[\"wlc name\"],\"vulnerability_source\":\"Claroty\",\"vulnerability_relevance\":\"Confirmed\",\"avg_in_use_per_day\":12,\"avg_online_per_day\":12,\"avg_examinations_per_day\":12,\"operating_hours_pattern_name\":\"operating hours pattern name\",\"utilization_rate\":1,\"activity_rate\":1,\"organization_firewall_group_name\":\"organization firewall group name\",\"organization_zone_name\":\"organization zone group name\",\"vulnerability_last_changed\":\"2022-08-01\",\"vulnerability_status\":\"Fixed\",\"retired_since\":\"2022-08-01\",\"machine_type\":\"machine type\",\"managed_by\":[\"managed by\"],\"management_services\":[\"management service\"],\"mdm_compliance_status\":\"mdm compliance status\",\"mdm_enrollment_status\":\"mdm enrollment status\",\"mdm_ownership\":\"mdm ownership\",\"mobility\":\"mobility\",\"network_scope_list\":[\"network scope\"],\"note\":\"note\",\"number_of_nics\":1,\"os_eol_date\":\"2022-08-01\",\"os_revision\":\"os revision\",\"os_subcategory\":\"os subcategory\",\"other_hostnames\":[\"other hostname\"],\"phi\":\"phi\",\"product_code\":\"product code\",\"protocol_location_list\":[\"protocol location\"],\"purdue_level_source\":\"purdue level source\",\"purdue_level\":\"purdue level\",\"recommended_firewall_group_name\":\"recommended firewall group name\",\"recommended_zone_name\":\"recommended zone name\",\"last_domain_user_activity\":\"2022-08-01\",\"last_domain_user\":\"last domain user\",\"last_scan_time\":\"2022-08-01\",\"last_seen_on_switch_list\":[\"2022-08-01\"],\"last_seen_reported\":\"2022-08-01\",\"local_name\":\"local name\",\"mac_oui_list\":[\"Randomized Locally Administered Address\"],\"end_of_life_state\":\"\",\"end_of_sale_date\":\"2022-08-01\",\"endpoint_security_names\":[\"CrowdStrike 
Falcon\"],\"fda_class\":\"OT\",\"financial_cost\":\"$1,000-$10,000\",\"handles_pii\":\"handles_pii\",\"http_hostnames\":[\"http hostname\"],\"http_last_seen_hostname\":\"http last seen hostname\",\"hw_version\":\"hw version\",\"integration_types_reported_from\":[\"integration type\"],\"integrations_reported_from\":[\"integration\"],\"ip_assignment_list\":[\"Static\"],\"ise_authentication_method_list\":[\"ise authentication method\"],\"ise_endpoint_profile_list\":[\"ise endpoint profile\"],\"ise_identity_group_list\":[\"ise identity group\"],\"ise_logical_profile_list\":[\"ise logical profile\"],\"ise_security_group_description_list\":[\"ise security group description\"],\"ise_security_group_name_list\":[\"ise security group name\"],\"ise_security_group_tag_list\":[\"ise security group tag\"],\"is_online\":false,\"equipment_class\":\"OT\",\"edr_last_scan_time\":\"2022-08-01\",\"end_of_life_date\":\"2022-08-01\",\"cppm_service_list\":[\"cppm service\"],\"data_sources_seen_reported_from\":[\"81.2.69.142\"],\"dhcp_fingerprint\":\"dhcp fingerprint\",\"dhcp_hostnames\":[\"dhcp hostname\"],\"dhcp_last_seen_hostname\":\"dhcp last seen hostname\",\"edge_hosts_seen_reported_from\":[\"81.2.69.142\"],\"edge_locations_seen_reported_from\":[\"81.2.69.142\"],\"edge_locations\":[\"edge location\"],\"edr_is_up_to_date_text\":\"edr is up to date 
text\",\"cmms_floor\":\"cmms_floor\",\"cmms_last_pm\":\"cmms_last_pm\",\"cmms_location\":\"cmms_location\",\"cmms_manufacturer\":\"cmms_manufacturer\",\"cmms_model\":\"cmms_model\",\"cmms_ownership\":\"cmms_ownership\",\"cmms_owning_cost_center\":\"cmms_owning_cost_center\",\"cmms_room\":\"cmms_room\",\"cmms_serial_number\":\"cmms_serial_number\",\"cmms_state\":\"cmms_state\",\"cmms_technician\":\"cmms_technician\",\"collection_interfaces_seen_reported_from\":[\"81.2.69.142\"],\"collection_interfaces\":[\"81.2.69.142\"],\"collection_servers_seen_reported_from\":[\"81.2.69.142\"],\"collection_servers\":[\"81.2.69.142\"],\"connection_paths\":[\"connection path\"],\"connection_type_list\":[\"connection type\"],\"consequence_of_failure\":\"consequence of failure\",\"cppm_authentication_status_list\":[\"cppm authentication status\"],\"cmms_financial_cost\":0,\"cmms_asset_tag\":\"cmms_asset_tag\",\"cmms_building\":\"cmms_building\",\"cmms_campus\":\"cmms_campus\",\"cmms_department\":\"cmms_department\",\"cmms_asset_purchase_cost\":0,\"active_queries_seen_reported_from\":[\"175.16.199.0\"],\"ad_description\":\"ad description\",\"ad_distinguished_name\":\"ad distinguished name\",\"ae_titles\":[\"ae title\"],\"ap_location_list\":[\"ap location\"],\"ap_name_list\":[\"ap name\"],\"applied_acl_list\":[],\"applied_acl_type_list\":[\"app\"],\"asset_id\":\"xsdq1\",\"battery_level\":\"10\",\"bssid_list\":[\"00:00:00:00:00:00\"],\"assignees\":[\"3rd Party SOC (Group)\",\"Dylan Mak\",\"Jose Alegria\",\"Security Group (Group)\"],\"device_category\":\"OT\",\"effective_likelihood_subscore_points\":43.435616,\"effective_likelihood_subscore\":\"Very Low\",\"first_seen_list\":[\"2025-01-22T22:29:10.013719+00:00\"],\"impact_subscore_points\":75,\"impact_subscore\":\"Critical\",\"insecure_protocols_points\":0,\"insecure_protocols\":\"Very 
Low\",\"internet_communication\":\"No\",\"ip_list\":[\"67.43.156.0\"],\"known_vulnerabilities_points\":71.69265,\"known_vulnerabilities\":\"High\",\"labels\":[\"Criticidad alta\",\"Exposed EOL Asset\",\"Exposed OT Asset\",\"Linea 1\",\"Look into this\",\"OT Internet Klabin\"],\"last_seen_list\":[\"2025-03-13T02:28:48.626542+00:00\"],\"likelihood_subscore_points\":63.875904,\"likelihood_subscore\":\"High\",\"network_list\":[\"Industrial\"],\"retired\":false,\"site_group_name\":\"Sample Site Group\",\"site_name\":\"Sample Site\",\"device_subcategory\":\"Control\",\"uid\":\"25d8183d-eb78-4c73-a1d3-3eaed076a837\",\"manufacturer\":\"Rockwell Automation\",\"model\":\"sample\",\"model_family\":\"sample_family\",\"serial_number\":\"1234\",\"risk_score_points\":10,\"risk_score\":\"Medium\",\"domains\":[\"Domain A\"],\"mac_list\":[\"00:00:00:00:00:00\"],\"device_name\":\"Sample Device\",\"os_category\":\"Unix\",\"combined_os\":\"Unix\",\"os_name\":\"Unix\",\"os_version\":\"1.0.0\",\"device_type\":\"Sample Device\",\"authentication_user_list\":[\"user1\"],\"vlan_list\":[\"vlan1\"],\"vlan_name_list\":[\"vlan name\"]}", + "original": "{\"vulnerability_last_updated\":\"2022-08-01\",\"vulnerability_info\":{\"affected_medical_devices_count\":10,\"cvss_v3_vector_string\":\"CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N\",\"cvss_v2_score\":3.2,\"cvss_v3_score\":5.4,\"epss_score\":0.00133,\"affected_devices_count\":0,\"affected_products\":null,\"source_url\":\"https://localhost:8080/vulnerabilities/CVE-2020-26147\",\"id\":\"APZMJRV\",\"is_known_exploited\":false,\"sources\":[{\"url\":\"https://localhost:8080/vuln/detail/CVE-2020-26147\",\"name\":\"NVD\"}],\"cvss_v2_exploitability_subscore\":3.2,\"affected_ot_devices_count\":0,\"adjusted_vulnerability_score\":4.8359456,\"description\":\"CVE-2020-26147 - An issue was discovered in the Linux kernel 5.8.9. The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments even though some of them were sent in plaintext. 
This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used.\",\"affected_it_devices_count\":0,\"vulnerability_type\":\"Platform\",\"cve_ids\":[\"CVE-2020-26147\"],\"name\":\"CVE-2020-26147\",\"source_name\":\"NVD\",\"published_date\":\"2025-05-11T01:21:05.359000Z\",\"cvss_v2_vector_string\":\"AV:A/AC:H/Au:N/C:P/I:P/A:N\",\"vulnerability_priority_group\":null,\"cvss_v3_exploitability_subscore\":1.2,\"affected_iot_devices_count\":0,\"affected_potentially_relevant_devices_count\":0,\"vulnerability_note\":null,\"vulnerability_assignees\":[],\"exploits_count\":null,\"affected_fixed_devices_count\":0,\"affected_confirmed_devices_count\":0,\"adjusted_vulnerability_score_level\":\"Medium\",\"vulnerability_labels\":[],\"affected_irrelevant_devices_count\":0},\"slot_cards\":{\"racks\":[{\"cards\":[{\"uid\":\"3b6c4639-3743-4362-b38a-d1edcde189b1\",\"slot_number\":0,\"name\":null,\"card_type\":\"CPU\",\"model\":\"1756-L7SP/B LOGIXSAFETY\",\"vendor\":\"Rockwell Automation\",\"sw_version\":\"V24.012\",\"serial_number\":\"00172DC0\"},{\"uid\":\"f1495b05-2262-4726-b604-aff5034d4e0f\",\"slot_number\":1,\"name\":null,\"card_type\":\"I/O\",\"model\":\"1756-OB16E/A DCOUT EFUSE\",\"vendor\":\"Rockwell Automation\",\"sw_version\":\"V3.003\",\"serial_number\":\"000F75F0\"},{\"uid\":\"6ec98e76-9a29-4f9c-b259-d000f3009e02\",\"slot_number\":2,\"name\":null,\"card_type\":\"CPU\",\"model\":\"1756-L73S/B LOGIX5573 SAFETY\",\"vendor\":\"Rockwell Automation\",\"sw_version\":\"V32.011\",\"serial_number\":\"00140557\"},{\"uid\":\"954e50eb-3c06-4208-b837-52a93a079a52\",\"slot_number\":3,\"name\":null,\"card_type\":\"I/O\",\"model\":\"1756-IB32/B DCIN\",\"vendor\":\"Rockwell Automation\",\"sw_version\":\"V3.005\",\"serial_number\":\"001D1DF9\"},{\"uid\":\"8d6b1ff5-774a-4b70-8c8d-bf035ef1dd54\",\"slot_number\":4,\"name\":null,\"card_type\":\"Network 
Card\",\"model\":\"MVI56E-MCM\",\"vendor\":\"ProSoft\",\"sw_version\":\"V3.007\",\"serial_number\":\"001B57F9\",\"ip\":\"67.43.156.0\",\"mac\":\"00:0d:8d:d8:74:63\"},{\"uid\":\"a31ea446-580e-4b3d-8923-3661bf28d429\",\"slot_number\":5,\"name\":null,\"card_type\":\"I/O\",\"model\":\"1756-IF16/A\",\"vendor\":\"Rockwell Automation\",\"sw_version\":\"V1.005\",\"serial_number\":\"0016F448\"},{\"uid\":\"63131aa8-d0f1-45a0-832b-fc397639b7e4\",\"slot_number\":6,\"name\":null,\"card_type\":\"I/O\",\"model\":\"1746-IB16 16-Input (SINK) 24 VDC\",\"vendor\":\"Rockwell Automation\",\"sw_version\":null,\"serial_number\":\"001D0134\"},{\"uid\":\"96430c94-4782-4f12-9e00-c97383897f0c\",\"slot_number\":7,\"name\":null,\"card_type\":\"Network Card\",\"model\":\"1756-EN2T/D\",\"vendor\":\"Rockwell Automation\",\"sw_version\":\"V11.002\",\"serial_number\":\"0019410D\",\"ip\":\"81.2.69.142\",\"mac\":\"40:41:01:fe:ad:41\"},{\"uid\":\"e2444831-3b05-4467-aeac-7deb87b717a7\",\"slot_number\":8,\"name\":null,\"card_type\":\"I/O\",\"model\":\"1746-IA16 16-Input 100/120 VAC\",\"vendor\":\"Rockwell Automation\",\"sw_version\":\"V3.005\",\"serial_number\":\"001252EE\"}],\"number_of_slots\":9}],\"cards_count\":9},\"snmp_hostnames\":[\"snmp hostname\"],\"snmp_last_seen_hostname\":\"snmp last seen hostname\",\"software_or_firmware_version\":\"software or firmware version\",\"ssid_list\":[\"ssid\"],\"suspicious\":[\"suspicious\"],\"switch_group_name_list\":[\"switch group name\"],\"switch_ip_list\":[\"81.2.69.142\"],\"switch_location_list\":[\"switch location\"],\"switch_mac_list\":[\"switch mac\"],\"switch_name_list\":[\"switch name\"],\"switch_port_description_list\":[\"switch port description\"],\"switch_port_list\":[\"switch port\"],\"device_type_family\":\"device type family\",\"visibility_score_level\":\"Fair\",\"visibility_score\":65,\"vlan_description_list\":[\"vlan description\"],\"wifi_last_seen_list\":[\"2222-01-22T22:29:10.013719+00:00\"],\"windows_hostnames\":[\"windows 
hostname\"],\"windows_last_seen_hostname\":\"windows last seen hostname\",\"wireless_encryption_type_list\":[\"wireless encryption type\"],\"wlc_location_list\":[\"wlc location\"],\"wlc_name_list\":[\"wlc name\"],\"vulnerability_source\":\"Claroty\",\"vulnerability_relevance\":\"Confirmed\",\"avg_in_use_per_day\":12,\"avg_online_per_day\":12,\"avg_examinations_per_day\":12,\"operating_hours_pattern_name\":\"operating hours pattern name\",\"utilization_rate\":1,\"activity_rate\":1,\"organization_firewall_group_name\":\"organization firewall group name\",\"organization_zone_name\":\"organization zone group name\",\"vulnerability_last_changed\":\"2022-08-01\",\"vulnerability_status\":\"Fixed\",\"retired_since\":\"2022-08-01\",\"machine_type\":\"machine type\",\"managed_by\":[\"managed by\"],\"management_services\":[\"management service\"],\"mdm_compliance_status\":\"mdm compliance status\",\"mdm_enrollment_status\":\"mdm enrollment status\",\"mdm_ownership\":\"mdm ownership\",\"mobility\":\"mobility\",\"network_scope_list\":[\"network scope\"],\"note\":\"note\",\"number_of_nics\":1,\"os_eol_date\":\"2022-08-01\",\"os_revision\":\"os revision\",\"os_subcategory\":\"os subcategory\",\"other_hostnames\":[\"other hostname\"],\"phi\":\"phi\",\"product_code\":\"product code\",\"protocol_location_list\":[\"protocol location\"],\"purdue_level_source\":\"purdue level source\",\"purdue_level\":\"purdue level\",\"recommended_firewall_group_name\":\"recommended firewall group name\",\"recommended_zone_name\":\"recommended zone name\",\"last_domain_user_activity\":\"2022-08-01\",\"last_domain_user\":\"last domain user\",\"last_scan_time\":\"2022-08-01\",\"last_seen_on_switch_list\":[\"2022-08-01\"],\"last_seen_reported\":\"2022-08-01\",\"local_name\":\"local name\",\"mac_oui_list\":[\"Randomized Locally Administered Address\"],\"end_of_life_state\":\"\",\"end_of_sale_date\":\"2022-08-01\",\"endpoint_security_names\":[\"CrowdStrike 
Falcon\"],\"fda_class\":\"OT\",\"financial_cost\":\"$1,000-$10,000\",\"handles_pii\":\"handles_pii\",\"http_hostnames\":[\"http hostname\"],\"http_last_seen_hostname\":\"http last seen hostname\",\"hw_version\":\"hw version\",\"integration_types_reported_from\":[\"integration type\"],\"integrations_reported_from\":[\"integration\"],\"ip_assignment_list\":[\"Static\"],\"ise_authentication_method_list\":[\"ise authentication method\"],\"ise_endpoint_profile_list\":[\"ise endpoint profile\"],\"ise_identity_group_list\":[\"ise identity group\"],\"ise_logical_profile_list\":[\"ise logical profile\"],\"ise_security_group_description_list\":[\"ise security group description\"],\"ise_security_group_name_list\":[\"ise security group name\"],\"ise_security_group_tag_list\":[\"ise security group tag\"],\"is_online\":false,\"equipment_class\":\"OT\",\"edr_last_scan_time\":\"2022-08-01\",\"end_of_life_date\":\"2022-08-01\",\"cppm_service_list\":[\"cppm service\"],\"data_sources_seen_reported_from\":[\"81.2.69.142\"],\"dhcp_fingerprint\":\"dhcp fingerprint\",\"dhcp_hostnames\":[\"dhcp hostname\"],\"dhcp_last_seen_hostname\":\"dhcp last seen hostname\",\"edge_hosts_seen_reported_from\":[\"81.2.69.142\"],\"edge_locations_seen_reported_from\":[\"81.2.69.142\"],\"edge_locations\":[\"edge location\"],\"edr_is_up_to_date_text\":\"edr is up to date 
text\",\"cmms_floor\":\"cmms_floor\",\"cmms_last_pm\":\"cmms_last_pm\",\"cmms_location\":\"cmms_location\",\"cmms_manufacturer\":\"cmms_manufacturer\",\"cmms_model\":\"cmms_model\",\"cmms_ownership\":\"cmms_ownership\",\"cmms_owning_cost_center\":\"cmms_owning_cost_center\",\"cmms_room\":\"cmms_room\",\"cmms_serial_number\":\"cmms_serial_number\",\"cmms_state\":\"cmms_state\",\"cmms_technician\":\"cmms_technician\",\"collection_interfaces_seen_reported_from\":[\"81.2.69.142\"],\"collection_interfaces\":[\"81.2.69.142\"],\"collection_servers_seen_reported_from\":[\"81.2.69.142\"],\"collection_servers\":[\"81.2.69.142\"],\"connection_paths\":[\"connection path\"],\"connection_type_list\":[\"connection type\"],\"consequence_of_failure\":\"consequence of failure\",\"cppm_authentication_status_list\":[\"cppm authentication status\"],\"cmms_financial_cost\":0,\"cmms_asset_tag\":\"cmms_asset_tag\",\"cmms_building\":\"cmms_building\",\"cmms_campus\":\"cmms_campus\",\"cmms_department\":\"cmms_department\",\"cmms_asset_purchase_cost\":0,\"active_queries_seen_reported_from\":[\"175.16.199.0\"],\"ad_description\":\"ad description\",\"ad_distinguished_name\":\"ad distinguished name\",\"ae_titles\":[\"ae title\"],\"ap_location_list\":[\"ap location\"],\"ap_name_list\":[\"ap name\"],\"applied_acl_list\":[],\"applied_acl_type_list\":[\"app\"],\"asset_id\":\"xsdq1\",\"battery_level\":\"10\",\"bssid_list\":[\"00:00:00:00:00:00\"],\"assignees\":[\"3rd Party SOC (Group)\",\"Dylan Mak\",\"Jose Alegria\",\"Security Group (Group)\"],\"device_category\":\"OT\",\"effective_likelihood_subscore_points\":43.435616,\"effective_likelihood_subscore\":\"Very Low\",\"first_seen_list\":[\"2025-01-22T22:29:10.013719+00:00\"],\"impact_subscore_points\":75,\"impact_subscore\":\"Critical\",\"insecure_protocols_points\":0,\"insecure_protocols\":\"Very 
Low\",\"internet_communication\":\"No\",\"ip_list\":[\"67.43.156.0\"],\"known_vulnerabilities_points\":71.69265,\"known_vulnerabilities\":\"High\",\"labels\":[\"Criticidad alta\",\"Exposed EOL Asset\",\"Exposed OT Asset\",\"Linea 1\",\"Look into this\",\"OT Internet Klabin\"],\"last_seen_list\":[\"2025-03-13T02:28:48.626542+00:00\"],\"likelihood_subscore_points\":63.875904,\"likelihood_subscore\":\"High\",\"network_list\":[\"Industrial\"],\"retired\":false,\"site_group_name\":\"Sample Site Group\",\"site_name\":\"Sample Site\",\"device_subcategory\":\"Control\",\"uid\":\"25d8183d-eb78-4c73-a1d3-3eaed076a837\",\"manufacturer\":\"Rockwell Automation\",\"model\":\"sample\",\"model_family\":\"sample_family\",\"serial_number\":\"1234\",\"risk_score_points\":10,\"risk_score\":\"Medium\",\"domains\":[\"Domain A\"],\"mac_list\":[\"00:00:00:00:00:00\"],\"device_name\":\"Sample Device\",\"os_category\":\"Unix\",\"combined_os\":\"Unix\",\"os_name\":\"Unix\",\"os_version\":\"1.0.0\",\"device_type\":\"Sample Device\",\"authentication_user_list\":[\"user1\"],\"vlan_list\":[\"vlan1\"],\"vlan_name_list\":[\"vlan name\"]}", "risk_score": 10.0, "severity": 47, "type": [