{"id":50154,"date":"2022-05-16T09:40:25","date_gmt":"2022-05-16T01:40:25","guid":{"rendered":"https:\/\/version-2.com\/?p=50154"},"modified":"2022-05-30T10:42:09","modified_gmt":"2022-05-30T02:42:09","slug":"looking-into-cisas-top-15-routinely-exploited-vulnerabilities","status":"publish","type":"post","link":"https:\/\/version-2.com\/zh\/2022\/05\/looking-into-cisas-top-15-routinely-exploited-vulnerabilities\/","title":{"rendered":"Looking Into CISA\u2019s Top 15 Routinely Exploited Vulnerabilities"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"50154\" class=\"elementor elementor-50154\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-a9966c4 post-content elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"a9966c4\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;jet_parallax_layout_list&quot;:[{&quot;jet_parallax_layout_image&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;_id&quot;:&quot;437ef7f&quot;,&quot;jet_parallax_layout_image_tablet&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_image_mobile&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_speed&quot;:{&quot;unit&quot;:&quot;%&quot;,&quot;size&quot;:50,&quot;sizes&quot;:[]},&quot;jet_parallax_layout_type&quot;:&quot;scroll&quot;,&quot;jet_parallax_layout_direction&quot;:&quot;1&quot;,&quot;jet_parallax_layout_fx_direction&quot;:null,&quot;jet_parallax_layout_z_index&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x&quot;:50,&quot;jet_parallax_layout_bg_x_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y&quot;:50,&quot;jet_parallax_layout_bg_y_tablet&quot;:&quot;&quot;,&quot;
jet_parallax_layout_bg_y_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size&quot;:&quot;auto&quot;,&quot;jet_parallax_layout_bg_size_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_animation_prop&quot;:&quot;transform&quot;,&quot;jet_parallax_layout_on&quot;:[&quot;desktop&quot;,&quot;tablet&quot;]}]}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-2884b38\" data-id=\"2884b38\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-980bf1e elementor-widget elementor-widget-text-editor\" data-id=\"980bf1e\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p align=\"center\"><img fetchpriority=\"high\" decoding=\"async\" src=\"https:\/\/blog.scadafence.com\/hubfs\/CISA%20SCADAfence%20blog%20vulnerabilities.png?w=958&amp;ssl=1\" alt=\"\" height=\"379\" width=\"757\"><\/p>\n<p>On April 27, the Cybersecurity and Infrastructure Security Agency (CISA) published a <a href=\"https:\/\/www.cisa.gov\/uscert\/ncas\/alerts\/aa22-117a\"><span>joint advisory<\/span><\/a> in collaboration with CSA\/NSA\/FBI\/ACSC and other cybersecurity authorities, providing details on the top 15 vulnerabilities routinely exploited by threat actors in 2021, as well as other frequently exploited CVEs.<\/p>\n<p><\/p><div id=\"more-49993\" bis_skin_checked=\"1\"><\/div><p><\/p>\n<p>Nine of the top 15 routinely exploited flaws were remote code execution vulnerabilities, followed by two privilege escalation weaknesses, potentially allowing threat actors to remotely take over systems.&nbsp;<\/p>\n<p>Unpatched devices and systems can serve as an 
easy network entry point for threat actors, as they provide attackers with a reliable and efficient Initial Access method. A number of these vulnerabilities were seen as a part of ransomware attack vectors, one of today\u2019s top threats to operational technology.<\/p>\n<p>Many of these vulnerabilities share characteristics that make them widely exploitable: they affect widely used systems, where the vulnerability can be present in multiple systems.<\/p>\n<p>In the past year, threat actors targeted internet-facing systems, such as email servers and VPN servers, with exploits of newly disclosed vulnerabilities. For most of the top exploited vulnerabilities, proof-of-concept code was released within two weeks of the vulnerability\u2019s disclosure. (Read more about when to patch or not patch, <a href=\"https:\/\/blog.scadafence.com\/to-patch-or-not-to-patch-in-ot\"><span>here<\/span><\/a>).&nbsp;&nbsp;<\/p>\n<p>Malicious threat actors continued exploiting publicly known vulnerabilities, demonstrating the continued risk to organizations that fail to patch software in a timely manner or are using software that is no longer supported by a vendor.<\/p>\n<h2 style=\"font-size: 24px;\">The Top 15 Routinely Exploited Vulnerabilities<\/h2>\n<p>The top vulnerabilities detail how threat actors exploited newly disclosed vulnerabilities in popular services, aiming to create a massive and extended impact on organizations.<\/p>\n<p>Nine of the top 15 routinely exploited flaws were remote code execution vulnerabilities, followed by two privilege escalation weaknesses.<\/p>\n<p>Following are the most exploited vulnerabilities:<\/p>\n<ul>\n<li><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-44228\"><strong><span>CVE-2021-44228<\/span><\/strong><\/a> \u2013 this vulnerability, known as Log4Shell, affects the Apache Log4j library, an open-source logging framework. 
Exploiting this vulnerability allows threat actors to control Java-based web servers and launch remote code execution attacks.&nbsp;<\/li>\n<li><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2020-1472\"><strong><span>CVE-2020-1472<\/span><\/strong><\/a> \u2013 this vulnerability, known as ZeroLogon, affects Microsoft\u2019s Active Directory Netlogon Remote Protocol. Exploiting this vulnerability allows an attacker to establish a vulnerable Netlogon secure channel connection to a domain controller.<\/li>\n<li><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2019-11510\"><strong><span>CVE-2019-11510<\/span><\/strong><\/a> \u2013 this vulnerability affects Pulse Connect Secure. Successful exploitation of this vulnerability allows an unauthenticated remote attacker to perform an arbitrary file read.<\/li>\n<li><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2018-13379\"><strong><span>CVE-2018-13379<\/span><\/strong><\/a> \u2013 this vulnerability affects Fortinet\u2019s FortiGate SSL VPN. Exploitation of this vulnerability could allow an unauthenticated attacker to read arbitrary files.<\/li>\n<li><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-26855\"><strong><span>CVE-2021-26855<\/span><\/strong><\/a><strong>, <\/strong><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-26858\"><strong><span>CVE-2021-26858<\/span><\/strong><\/a><strong>, <\/strong><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-26857\"><strong><span>CVE-2021-26857<\/span><\/strong><\/a><strong>, <\/strong><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-27065\"><strong><span>CVE-2021-27065<\/span><\/strong><\/a> \u2013 these vulnerabilities, known as ProxyLogon, affect Microsoft Exchange email servers. 
Successful exploitation of these vulnerabilities allows unauthenticated attackers to execute arbitrary code on vulnerable Exchange Servers and compromise trust and identity in a vulnerable network.<\/li>\n<li><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-34523\"><strong><span>CVE-2021-34523<\/span><\/strong><\/a><strong>, <\/strong><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-34473\"><strong><span>CVE-2021-34473<\/span><\/strong><\/a><strong>, <\/strong><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-31207\"><strong><span>CVE-2021-31207<\/span><\/strong><\/a> \u2013 these vulnerabilities, known as ProxyShell, also affect Microsoft Exchange email servers. Successful exploitation of these vulnerabilities in combination enables a remote actor to execute arbitrary code.&nbsp;<\/li>\n<\/ul>\n<p>As our customers are well aware, <a href=\"https:\/\/www.scadafence.com\/platform\/\"><span>The SCADAfence Platform<\/span><\/a> protects against these vulnerabilities, detects any unexpected connections to and from external devices, and detects unexpected connections to and from the Internet. 
These connections would trigger alerts indicating a malicious threat actor might be attempting to exploit a vulnerability.<\/p>\n<p>The platform also detects suspicious behavior based on IP reputation, hash reputation, and domain reputation.<\/p>\n<p>The SCADAfence Platform can help identify where the network is exposed to potential risks and match between exposed assets and their relative vulnerabilities.<\/p>\n<p>Additionally, the <a href=\"https:\/\/www.scadafence.com\/scadafence-remote-access-security\/\"><span>User Activity Analyzer<\/span><\/a> can be utilized to track any propagation attempts by malicious actors.<\/p>\n<h2 style=\"font-size: 24px;\">Detecting Exploitation Attempts<\/h2>\n<p>The SCADAfence Platform detects exploitation attempts of the following vulnerabilities:<\/p>\n<ul>\n<li><strong>CVE-2021-44228<\/strong> (<a href=\"https:\/\/blog.scadafence.com\/a-scadafence-update-regarding-the-log4shell-vulnerability-1\"><span>Log4Shell<\/span><\/a>) \u2013 this vulnerability was widely exploited; thousands of products use <a href=\"https:\/\/blog.scadafence.com\/detecting-alerting-log4j-with-the-scadafence-platform\"><span>Log4j<\/span><\/a> and were vulnerable to Log4Shell exploitation.<\/li>\n<li><strong>CVE-2020-1472<\/strong> (ZeroLogon) \u2013 this vulnerability has been observed in the attack chain of ransomware actors such as <a href=\"https:\/\/blog.scadafence.com\/ransomware-attack-at-mexicos-pemex-could-have-been-avoided\"><span>Ryuk<\/span><\/a>.<\/li>\n<li><strong>CVE-2019-11510<\/strong> (Pulse) \u2013 while patches for this vulnerability were released in April 2019, multiple incidents have occurred where compromised AD credentials were used months after victim organizations patched their VPN appliance.<\/li>\n<li><strong>CVE-2018-13379<\/strong> (Fortinet) \u2013 this vulnerability has been exploited routinely for over four years, and has often been used to deploy <a 
href=\"https:\/\/blog.scadafence.com\/how-you-should-prevent-ransomware-attacks-on-your-industrial-networks\"><span>ransomware<\/span><\/a>.<\/li>\n<\/ul>\n<p>The SCADAfence research team is constantly monitoring newly disclosed vulnerabilities, as well as routinely exploited ones, and working to continuously improve the platform\u2019s vulnerability detection abilities.<\/p>\n<h2 style=\"font-size: 24px;\">SCADAfence Researchers\u2019 Recommendations for Reducing Risk<\/h2>\n<p>Our researchers recommend taking the following measures to minimize the risk of exploitation:<\/p>\n<ul>\n<li><strong>Limit Network Exposure<\/strong> \u2013 minimize network exposure for all of your control system devices and\/or systems, and ensure they are not accessible from the Internet.<\/li>\n<li><strong>Monitor Network Traffic<\/strong> \u2013 monitor access to the production segments. In your network monitoring tool (and we know <a href=\"https:\/\/l.scadafence.com\/demo\"><span>a really good one<\/span><\/a>), create logical groups of the affected devices and define traffic rules to alert on suspicious access to them.<\/li>\n<li><strong>Monitor User Activity<\/strong> \u2013 if you\u2019re a customer, you can use the SCADAfence Platform to monitor access to the affected devices and track all of your user activities using the User Activity View.<\/li>\n<li><strong>Connect to the SCADAfence Cloud<\/strong> \u2013 again, if you\u2019re a customer, connect your SCADAfence Platform to the SCADAfence Cloud to get the latest signature and CVE updates.<\/li>\n<\/ul>\n<p>Additional recommendations include updating your software, operating systems, applications, and firmware on IT network assets in a timely manner, while prioritizing patching known exploited vulnerabilities.&nbsp;<\/p>\n<p>If you\u2019re not a customer yet and would like to see how this works from up close, you can watch a short demo <a 
href=\"https:\/\/l.scadafence.com\/demo\"><span>here<\/span><\/a>.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-5987d9c elementor-widget elementor-widget-shortcode\" data-id=\"5987d9c\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"shortcode.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-shortcode\">\t\t<div data-elementor-type=\"page\" data-elementor-id=\"18103\" class=\"elementor elementor-18103\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-748947f elementor-section-full_width elementor-section-height-default elementor-section-height-default\" data-id=\"748947f\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;jet_parallax_layout_list&quot;:[{&quot;jet_parallax_layout_image&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;_id&quot;:&quot;c4f773e&quot;,&quot;jet_parallax_layout_image_tablet&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_image_mobile&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_speed&quot;:{&quot;unit&quot;:&quot;%&quot;,&quot;size&quot;:50,&quot;sizes&quot;:[]},&quot;jet_parallax_layout_type&quot;:&quot;scroll&quot;,&quot;jet_parallax_layout_direction&quot;:&quot;1&quot;,&quot;jet_parallax_layout_fx_direction&quot;:null,&quot;jet_parallax_layout_z_index&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x&quot;:50,&quot;jet_parallax_layout_bg_x_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y&quot;:50,&quot;jet_parallax_layout_bg_y_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size&quot;:&quot;auto&q
uot;,&quot;jet_parallax_layout_bg_size_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_animation_prop&quot;:&quot;transform&quot;,&quot;jet_parallax_layout_on&quot;:[&quot;desktop&quot;,&quot;tablet&quot;]}]}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-7995c19\" data-id=\"7995c19\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-a437045 elementor-widget elementor-widget-image-box\" data-id=\"a437045\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image-box.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-image-box-wrapper\"><div class=\"elementor-image-box-content\"><h3 class=\"elementor-image-box-title\">About Version 2 Digital<\/h3><p class=\"elementor-image-box-description\">Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.\n<br><br>\nThrough an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. 
Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.<\/p><\/div><\/div>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t\n\t\t<div data-elementor-type=\"page\" data-elementor-id=\"18130\" class=\"elementor elementor-18130\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-748947f elementor-section-full_width elementor-section-height-default elementor-section-height-default\" data-id=\"748947f\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;jet_parallax_layout_list&quot;:[{&quot;jet_parallax_layout_image&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;_id&quot;:&quot;c4f773e&quot;,&quot;jet_parallax_layout_image_tablet&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_image_mobile&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_speed&quot;:{&quot;unit&quot;:&quot;%&quot;,&quot;size&quot;:50,&quot;sizes&quot;:[]},&quot;jet_parallax_layout_type&quot;:&quot;scroll&quot;,&quot;jet_parallax_layout_direction&quot;:&quot;1&quot;,&quot;jet_parallax_layout_fx_direction&quot;:null,&quot;jet_parallax_layout_z_index&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x&quot;:50,&quot;jet_parallax_layout_bg_y&quot;:50,&quot;jet_parallax_layout_bg_size&quot;:&quot;auto&quot;,&quot;jet_parallax_layout_animation_prop&quot;:&quot;transform&quot;,&quot;jet_parallax_layout_on&quot;:[&quot;desktop&quot;,&quot;tablet&quot;],&quot;jet_parallax_layout_bg_x_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layo
ut_bg_y_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size_mobile&quot;:&quot;&quot;}]}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-7995c19\" data-id=\"7995c19\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-ff2a228 elementor-widget elementor-widget-text-editor\" data-id=\"ff2a228\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><\/p>\n<p><strong>About SCADAfence<\/strong><br \/>SCADAfence helps companies with large-scale operational technology (OT) networks embrace the benefits of industrial IoT by reducing cyber risks and mitigating operational threats. Our non-intrusive platform provides full coverage of large-scale networks, offering best-in-class detection accuracy, asset discovery and user experience. The platform seamlessly integrates OT security within existing security operations, bridging the IT\/OT convergence gap. SCADAfence secures OT networks in manufacturing, building management and critical infrastructure industries. We deliver security and visibility for some of the world\u2019s most complex OT networks, including Europe\u2019s largest manufacturing facility. 
With SCADAfence, companies can operate securely, reliably and efficiently as they go through the digital transformation journey.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>On April 27, the Cybersecurity and Infrastructure Secur [&hellip;]<\/p>\n","protected":false},"author":143524195,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[417,488,61],"tags":[418,489],"class_list":["post-50154","post","type-post","status-publish","format-standard","hentry","category-scadafence","category-488","category-press-release","tag-scadafence","tag-489"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.3 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Looking Into CISA\u2019s Top 15 Routinely Exploited Vulnerabilities - Version 2<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/blog.scadafence.com\/looking-into-cisas-top-15-routinely-exploited-vulnerabilities\" \/>\n<meta property=\"og:locale\" content=\"zh_HK\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Looking Into CISA\u2019s Top 15 Routinely Exploited Vulnerabilities - Version 2\" \/>\n<meta property=\"og:description\" content=\"On April 27, the Cybersecurity and Infrastructure Secur [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/blog.scadafence.com\/looking-into-cisas-top-15-routinely-exploited-vulnerabilities\" \/>\n<meta property=\"og:site_name\" 
content=\"Version 2\" \/>\n<meta property=\"article:published_time\" content=\"2022-05-16T01:40:25+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-05-30T02:42:09+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/blog.scadafence.com\/hubfs\/CISA%20SCADAfence%20blog%20vulnerabilities.png?w=958&amp;ssl=1\" \/>\n<meta name=\"author\" content=\"version2hk\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\u4f5c\u8005\" \/>\n\t<meta name=\"twitter:data1\" content=\"version2hk\" \/>\n\t<meta name=\"twitter:label2\" content=\"\u9810\u8a08\u95b1\u8b80\u6642\u9593\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 \u5206\u9418\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/blog.scadafence.com\\\/looking-into-cisas-top-15-routinely-exploited-vulnerabilities#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/2022\\\/05\\\/looking-into-cisas-top-15-routinely-exploited-vulnerabilities\\\/\"},\"author\":{\"name\":\"version2hk\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/person\\\/d14d2d3cd77ffdb618b9f1330fe084db\"},\"headline\":\"Looking Into CISA\u2019s Top 15 Routinely Exploited 
Vulnerabilities\",\"datePublished\":\"2022-05-16T01:40:25+00:00\",\"dateModified\":\"2022-05-30T02:42:09+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/2022\\\/05\\\/looking-into-cisas-top-15-routinely-exploited-vulnerabilities\\\/\"},\"wordCount\":919,\"publisher\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/blog.scadafence.com\\\/looking-into-cisas-top-15-routinely-exploited-vulnerabilities#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/blog.scadafence.com\\\/hubfs\\\/CISA%20SCADAfence%20blog%20vulnerabilities.png?w=958&amp;ssl=1\",\"keywords\":[\"SCADAfence\",\"2022\"],\"articleSection\":[\"SCADAfence\",\"2022\",\"Press Release\"],\"inLanguage\":\"zh-HK\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/version-2.com\\\/2022\\\/05\\\/looking-into-cisas-top-15-routinely-exploited-vulnerabilities\\\/\",\"url\":\"https:\\\/\\\/blog.scadafence.com\\\/looking-into-cisas-top-15-routinely-exploited-vulnerabilities\",\"name\":\"Looking Into CISA\u2019s Top 15 Routinely Exploited Vulnerabilities - Version 
2\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/blog.scadafence.com\\\/looking-into-cisas-top-15-routinely-exploited-vulnerabilities#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/blog.scadafence.com\\\/looking-into-cisas-top-15-routinely-exploited-vulnerabilities#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/blog.scadafence.com\\\/hubfs\\\/CISA%20SCADAfence%20blog%20vulnerabilities.png?w=958&amp;ssl=1\",\"datePublished\":\"2022-05-16T01:40:25+00:00\",\"dateModified\":\"2022-05-30T02:42:09+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/blog.scadafence.com\\\/looking-into-cisas-top-15-routinely-exploited-vulnerabilities#breadcrumb\"},\"inLanguage\":\"zh-HK\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/blog.scadafence.com\\\/looking-into-cisas-top-15-routinely-exploited-vulnerabilities\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-HK\",\"@id\":\"https:\\\/\\\/blog.scadafence.com\\\/looking-into-cisas-top-15-routinely-exploited-vulnerabilities#primaryimage\",\"url\":\"https:\\\/\\\/blog.scadafence.com\\\/hubfs\\\/CISA%20SCADAfence%20blog%20vulnerabilities.png?w=958&amp;ssl=1\",\"contentUrl\":\"https:\\\/\\\/blog.scadafence.com\\\/hubfs\\\/CISA%20SCADAfence%20blog%20vulnerabilities.png?w=958&amp;ssl=1\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/blog.scadafence.com\\\/looking-into-cisas-top-15-routinely-exploited-vulnerabilities#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"\u9996\u9801\",\"item\":\"https:\\\/\\\/version-2.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Looking Into CISA\u2019s Top 15 Routinely Exploited Vulnerabilities\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#website\",\"url\":\"https:\\\/\\\/version-2.com\\\/zh\\\/\",\"name\":\"Version 
2\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/version-2.com\\\/zh\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"zh-HK\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#organization\",\"name\":\"Version 2\",\"url\":\"https:\\\/\\\/version-2.com\\\/zh\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-HK\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/i0.wp.com\\\/version-2.com\\\/wp-content\\\/uploads\\\/2020\\\/08\\\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1\",\"contentUrl\":\"https:\\\/\\\/i0.wp.com\\\/version-2.com\\\/wp-content\\\/uploads\\\/2020\\\/08\\\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1\",\"width\":1795,\"height\":335,\"caption\":\"Version 2\"},\"image\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/person\\\/d14d2d3cd77ffdb618b9f1330fe084db\",\"name\":\"version2hk\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-HK\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g\",\"caption\":\"version2hk\"},\"sameAs\":[\"http:\\\/\\\/version2xfortcom.wordpress.com\"],\"url\":\"https:\\\/\\\/version-2.com\\\/zh\\\/author\\\/version2hk\\\/\"}]}<\/script>\n<!-- \/ Yoast 
SEO plugin. -->","yoast_head_json":{"title":"Looking Into CISA\u2019s Top 15 Routinely Exploited Vulnerabilities - Version 2","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/blog.scadafence.com\/looking-into-cisas-top-15-routinely-exploited-vulnerabilities","og_locale":"zh_HK","og_type":"article","og_title":"Looking Into CISA\u2019s Top 15 Routinely Exploited Vulnerabilities - Version 2","og_description":"On April 27, the Cybersecurity and Infrastructure Secur [&hellip;]","og_url":"https:\/\/blog.scadafence.com\/looking-into-cisas-top-15-routinely-exploited-vulnerabilities","og_site_name":"Version 2","article_published_time":"2022-05-16T01:40:25+00:00","article_modified_time":"2022-05-30T02:42:09+00:00","og_image":[{"url":"https:\/\/blog.scadafence.com\/hubfs\/CISA%20SCADAfence%20blog%20vulnerabilities.png?w=958&amp;ssl=1","type":"","width":"","height":""}],"author":"version2hk","twitter_card":"summary_large_image","twitter_misc":{"\u4f5c\u8005":"version2hk","\u9810\u8a08\u95b1\u8b80\u6642\u9593":"6 \u5206\u9418"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/blog.scadafence.com\/looking-into-cisas-top-15-routinely-exploited-vulnerabilities#article","isPartOf":{"@id":"https:\/\/version-2.com\/2022\/05\/looking-into-cisas-top-15-routinely-exploited-vulnerabilities\/"},"author":{"name":"version2hk","@id":"https:\/\/version-2.com\/zh\/#\/schema\/person\/d14d2d3cd77ffdb618b9f1330fe084db"},"headline":"Looking Into CISA\u2019s Top 15 Routinely Exploited 
Vulnerabilities","datePublished":"2022-05-16T01:40:25+00:00","dateModified":"2022-05-30T02:42:09+00:00","mainEntityOfPage":{"@id":"https:\/\/version-2.com\/2022\/05\/looking-into-cisas-top-15-routinely-exploited-vulnerabilities\/"},"wordCount":919,"publisher":{"@id":"https:\/\/version-2.com\/zh\/#organization"},"image":{"@id":"https:\/\/blog.scadafence.com\/looking-into-cisas-top-15-routinely-exploited-vulnerabilities#primaryimage"},"thumbnailUrl":"https:\/\/blog.scadafence.com\/hubfs\/CISA%20SCADAfence%20blog%20vulnerabilities.png?w=958&amp;ssl=1","keywords":["SCADAfence","2022"],"articleSection":["SCADAfence","2022","Press Release"],"inLanguage":"zh-HK"},{"@type":"WebPage","@id":"https:\/\/version-2.com\/2022\/05\/looking-into-cisas-top-15-routinely-exploited-vulnerabilities\/","url":"https:\/\/blog.scadafence.com\/looking-into-cisas-top-15-routinely-exploited-vulnerabilities","name":"Looking Into CISA\u2019s Top 15 Routinely Exploited Vulnerabilities - Version 2","isPartOf":{"@id":"https:\/\/version-2.com\/zh\/#website"},"primaryImageOfPage":{"@id":"https:\/\/blog.scadafence.com\/looking-into-cisas-top-15-routinely-exploited-vulnerabilities#primaryimage"},"image":{"@id":"https:\/\/blog.scadafence.com\/looking-into-cisas-top-15-routinely-exploited-vulnerabilities#primaryimage"},"thumbnailUrl":"https:\/\/blog.scadafence.com\/hubfs\/CISA%20SCADAfence%20blog%20vulnerabilities.png?w=958&amp;ssl=1","datePublished":"2022-05-16T01:40:25+00:00","dateModified":"2022-05-30T02:42:09+00:00","breadcrumb":{"@id":"https:\/\/blog.scadafence.com\/looking-into-cisas-top-15-routinely-exploited-vulnerabilities#breadcrumb"},"inLanguage":"zh-HK","potentialAction":[{"@type":"ReadAction","target":["https:\/\/blog.scadafence.com\/looking-into-cisas-top-15-routinely-exploited-vulnerabilities"]}]},{"@type":"ImageObject","inLanguage":"zh-HK","@id":"https:\/\/blog.scadafence.com\/looking-into-cisas-top-15-routinely-exploited-vulnerabilities#primaryimage","url":"https:\/\/blog.scadafence.com\/
hubfs\/CISA%20SCADAfence%20blog%20vulnerabilities.png?w=958&amp;ssl=1","contentUrl":"https:\/\/blog.scadafence.com\/hubfs\/CISA%20SCADAfence%20blog%20vulnerabilities.png?w=958&amp;ssl=1"},{"@type":"BreadcrumbList","@id":"https:\/\/blog.scadafence.com\/looking-into-cisas-top-15-routinely-exploited-vulnerabilities#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"\u9996\u9801","item":"https:\/\/version-2.com\/"},{"@type":"ListItem","position":2,"name":"Looking Into CISA\u2019s Top 15 Routinely Exploited Vulnerabilities"}]},{"@type":"WebSite","@id":"https:\/\/version-2.com\/zh\/#website","url":"https:\/\/version-2.com\/zh\/","name":"Version 2","description":"","publisher":{"@id":"https:\/\/version-2.com\/zh\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/version-2.com\/zh\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"zh-HK"},{"@type":"Organization","@id":"https:\/\/version-2.com\/zh\/#organization","name":"Version 2","url":"https:\/\/version-2.com\/zh\/","logo":{"@type":"ImageObject","inLanguage":"zh-HK","@id":"https:\/\/version-2.com\/zh\/#\/schema\/logo\/image\/","url":"https:\/\/i0.wp.com\/version-2.com\/wp-content\/uploads\/2020\/08\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1","contentUrl":"https:\/\/i0.wp.com\/version-2.com\/wp-content\/uploads\/2020\/08\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1","width":1795,"height":335,"caption":"Version 
2"},"image":{"@id":"https:\/\/version-2.com\/zh\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/version-2.com\/zh\/#\/schema\/person\/d14d2d3cd77ffdb618b9f1330fe084db","name":"version2hk","image":{"@type":"ImageObject","inLanguage":"zh-HK","@id":"https:\/\/secure.gravatar.com\/avatar\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g","caption":"version2hk"},"sameAs":["http:\/\/version2xfortcom.wordpress.com"],"url":"https:\/\/version-2.com\/zh\/author\/version2hk\/"}]}},"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/pbQRKm-d2W","post_mailing_queue_ids":[],"_links":{"self":[{"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/posts\/50154","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/users\/143524195"}],"replies":[{"embeddable":true,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/comments?post=50154"}],"version-history":[{"count":7,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/posts\/50154\/revisions"}],"predecessor-version":[{"id":50161,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/posts\/50154\/revisions\/50161"}],"wp:attachment":[{"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/media?parent=50154"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/categories?post=50154"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/tags?post=50154"}
],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}