Vul.ID | Vulnerability | ATT_Vector | Precondition | Postcondition | Tactics/techniques |
--- | --- | --- | --- | --- | --- |
Vul1 | LNK remote code execution | Local | USB access/crafted LNK files | Execute any code | IA/replication through removable media |
Vul2 | Credentials leak | Local | Plaintext record file | Credential acquisition | LM/valid accounts |
Vul3 | OS command injection | Remote | SSH password | Execute any code | LM/remote services |
Vul4 | BITS improper privilege management | Local | USER login | Administrator (Windows) | PE/exploitation for privilege escalation |
Vul5 | Permissions and access controls | Remote | USER login | Root (Linux) | PE/exploitation for privilege escalation |
Vul6 | Memory buffer overflow | Remote | Crafted URL | Execute any code | IA/exploit public-facing application |
Vul7 | Improper access control | Remote | Crafted e-mail messages | Execute any code | IA/exploit public-facing application |
Vul8 | DNS server remote code execution | Remote | Malicious requests | Execute any code | IA/exploit public-facing application |
Vul9 | Path traversal | Remote | Port scan | Credential acquisition | CA/exploitation for credential access |
Vul10 | Plaintext credentials | Remote | Credential | Login | LM/valid accounts |
Vul11 | SMBv3 remote code execution | Remote | USER | Execute any code | LM/exploitation of remote services |
Vul12 | Kernel improper privilege management | Local | USER login | Root (Linux) | PE/exploitation for privilege escalation |
Vul13 | SQL server remote code execution | Remote | Incorrect page request | Execute any code | IA/exploit public-facing application |
Vul14 | Code injection | Remote | Crafted RPC request | Execute any code | LM/exploitation of remote services |
Vul15 | Brute force | Remote | Credential | Login | LM/valid accounts |
Vul16 | SMB remote code execution | Remote | USER | Execute any code | LM/exploitation of remote services |
Vul17 | Unrestricted upload of file | Remote | JSP file/HTTP request | Execute any code | IA/exploit public-facing application |
Vul18 | Modify configuration project | Remote | Malicious configuration project | Impair HMI control function | P/modify program |
Vul19 | Modify control logic | Remote | Malicious control logic | PLC denial of service | P/modify program |
Vul20 | Modify parameters/modes | Remote | Malicious operations | PLC denial of service | IPC/modify parameter |
Vul21 | Plaintext control command | Remote | Crafted control command | PLC denial of service | IPC/unauthorized command message |
Vul22 | Uncontrolled resource consumption | Remote | High volume of requests | PLC denial of service | IRF/denial of service |
Vul23 | Fake MAC address | Remote | Scan devices/traffic forward/modify data | PLC denial of service | C/man in the middle |
Vul24 | Improper control | Remote | Crafted packets | PLC denial of service | E/change operating mode |