Description:
This upgrade package is an intrusion detection signature database upgrade package; it is only supported on firmware version V5.6R10F00 or above with engine version V5.6R10F00 or above. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes V5.6R10F27845. The rules added or improved by this upgrade package are:
New rules:
1. threat[25591]:Webmin Remote Code Execution Vulnerability (CVE-2022-0824)
2. threat[25592]:NginxProxyManager Proxy Host Stored Cross-Site Scripting Vulnerability (CVE-2022-28379)
3. threat[25593]:Lansweeper Lansweeper HelpdeskSetupActions SQL Injection Vulnerability (CVE-2022-22149)
4. threat[25582]:Quest NetVault Backup NVBUJobCountHistory Get Method SQL Injection Vulnerability (CVE-2017-17420)
5. threat[25581]:SolarWinds SRM Profiler SQL Injection Vulnerability (CVE-2016-4350)
6. threat[25583]:Mantis MantisBT Bug Tracker adm_config_report.php move_attachments_page.php XSS Vulnerability (CVE-2017-7309)
7. threat[25585]:Oracle E-Business Suite General Ledger SQL Injection Vulnerability (CVE-2019-2638)
8. threat[25589]:Netgate pfSense diag_routes.php Command Injection Vulnerability (CVE-2021-41282)
9. threat[25590]:SalesAgility SuiteCRM Remote Code Execution Vulnerability (CVE-2022-23940)
10. threat[41896]:Goby tool scan attack detection
11. threat[41897]:Xray tool scan attack detection
12. threat[25578]:Spring Security Authentication Bypass Vulnerability (CVE-2022-22978)
13. threat[25576]:Lansweeper lansweeper WebUserActions Stored Cross-Site Scripting Vulnerability (CVE-2022-21145)
14. threat[25577]:Oracle Access Manager OpenSSO Agent Insecure Deserialization Vulnerability (CVE-2021-35587)
15. threat[10531]:HAProxy HTTP Header Handling Denial of Service Vulnerability (CVE-2022-0711)
16. threat[25579]:WordPress Photo Gallery Plugin Stored Cross-Site Scripting Vulnerability (CVE-2022-0750)
17. threat[25573]:WordPress Photo Gallery Plugin SQL Injection Vulnerability (CVE-2022-1281)
18. threat[25574]:WordPress All-in-One WP Migration Plugin Directory Traversal Vulnerability (CVE-2022-1476)
19. threat[25575]:WordPress TI WooCommerce Wishlist Plugin SQL Injection Vulnerability (CVE-2022-0412)
20. threat[25570]:Tiny File Manager tinyfilemanager.php fullpath Directory Traversal Vulnerability (CVE-2021-45010)
21. threat[25571]:Confluence Server and Data Center Unauthenticated Remote Code Execution Vulnerability (CVE-2022-26134)
22. threat[41895]:Fscan webtitle attack detection
23. threat[25564]:VMware Workspace One Access Server-Side Template Injection Vulnerability (CVE-2022-22954)
24. threat[25566]:Lansweeper GetAssetsByGroupId SQL Injection Vulnerability (CVE-2022-21234)
25. threat[25567]:VMware Authentication Bypass Vulnerability (CVE-2022-22972)
26. threat[25568]:Microsoft Windows Support Diagnostic Tool Remote Code Execution Vulnerability (CVE-2022-30190)
27. threat[25565]:Apache APISIX batch-requests Remote Code Execution Vulnerability (CVE-2022-24112)
28. threat[25560]:Apache CouchDB Remote Code Execution Vulnerability (CVE-2022-24706)
29. threat[25561]:Webmin Command Injection Vulnerability (CVE-2019-15642)
30. threat[25563]:Spring Boot H2 Database Remote Command Execution Vulnerability (CVE-2021-42392)
31. threat[25562]:Windows Network File System Remote Code Execution Vulnerability (CVE-2022-26937)
32. threat[25556]:CISCO ASA Arbitrary File Read Vulnerability (CVE-2020-3452)
33. threat[25558]:ZZZCMS Remote Code Execution Vulnerability (CVE-2021-32605)
34. threat[25559]:Dolibarr ERP and CRM Code Injection Vulnerability (CVE-2022-0819)
Updated rules:
1. threat[25182]:nps HTTP intranet proxy connection
2. app:ssl
3. threat[24891]:Advantech WISE-PaaS/RMM SQL Injection Vulnerability (CVE-2019-18229)
4. threat[41820]:HTTP CRLF Injection Attack
5. threat[41781]:FRP intranet penetration tool communication
6. threat[41782]:FRP intranet penetration tool - access via domain name
7. app:pop3
8. threat[22915]:Microsoft IE Memory Corruption Vulnerability (CVE-2013-3914) (MS13-088)
9. threat[25556]:CISCO ASA Arbitrary File Read Vulnerability (CVE-2020-3452)
10. app:mqtt
11. threat[41820]:HTTP CRLF Injection Attack
12. threat[25556]:CISCO ASA Arbitrary File Read Vulnerability (CVE-2020-3452)
13. threat[23991]:Fastjson Remote Code Execution Vulnerability
14. threat[41766]:Godzilla Webshell JSP Script Upload
15. threat[25213]:Apache Shiro Authentication Bypass Vulnerability (CVE-2020-11989)
16. threat[41887]:Ngrok intranet penetration tool communication
17. threat[24835]:Discuz ML Remote Code Execution Vulnerability (CVE-2019-13956)
Notes:
1. The system must be restarted after this upgrade package is applied for it to take effect; please choose a suitable time to upgrade.
NSFOCUS IDS-ICS product signature upgrade package; it depends on firmware version at least V5.6R10F00 and engine version at least V5.6R10F00. This is a full upgrade package. After the upgrade package is imported, the firmware version and engine version will not change, and the signature version will change to V5.6R10F27845. This package includes the following changed rules:
new rules:
1. threat[25591]:Webmin Remote Code Execution Vulnerability(CVE-2022-0824)
2. threat[25592]:NginxProxyManager Proxy Host Stored Cross-Site Scripting Vulnerability (CVE-2022-28379)
3. threat[25593]:Lansweeper lansweeper HelpdeskSetupActions SQL Injection Vulnerability (CVE-2022-22149)
4. threat[25582]:Quest NetVault Backup NVBUJobCountHistory Get Method SQL Injection Vulnerability(CVE-2017-17420)
5. threat[25581]:SolarWinds SRM Profiler SQL Injection Vulnerability(CVE-2016-4350)
6. threat[25583]:Mantis MantisBT Bug Tracker adm_config_report.php move_attachments_page.php XSS Vulnerability(CVE-2017-7309)
7. threat[25585]:Oracle E-Business Suite General Ledger SQL Injection Vulnerability(CVE-2019-2638)
8. threat[25589]:Netgate pfSense diag_routes.php Command Injection Vulnerability(CVE-2021-41282)
9. threat[25590]:SalesAgility SuiteCRM email_recipients Remote Code Execution Vulnerability(CVE-2022-23940)
10. threat[41896]:Goby scan attack detection
11. threat[41897]:Xray scan attack detection
12. threat[25578]:Spring Security Authentication Bypass Vulnerability(CVE-2022-22978)
13. threat[25576]:Lansweeper lansweeper WebUserActions Stored Cross-Site Scripting Vulnerability(CVE-2022-21145)
14. threat[25577]:Oracle Access Manager OpenSSO Agent Insecure Deserialization(CVE-2021-35587)
15. threat[10531]:HAProxy Set-Cookie2 Header Handling Denial of Service Vulnerability (CVE-2022-0711)
16. threat[25579]:WordPress Photo Gallery Plugin Stored Cross Site Scripting Vulnerability(CVE-2022-0750)
17. threat[25573]:WordPress Photo Gallery Plugin filter_tag SQL Injection Vulnerability(CVE-2022-1281)
18. threat[25574]:WordPress All-in-One WP Migration Plugin Backups Directory Traversal Vulnerability(CVE-2022-1476)
19. threat[25575]:WordPress TI WooCommerce Wishlist Plugin SQL Injection Vulnerability (CVE-2022-0412)
20. threat[25570]:Tiny File Manager tinyfilemanager.php fullpath Directory Traversal Vulnerability(CVE-2021-45010)
21. threat[25571]:Confluence Server and Data Center Unauthenticated Remote Code Execution Vulnerability(CVE-2022-26134)
22. threat[41895]:Fscan Webtitle attack detection
23. threat[25564]:VMware Workspace One Access Server Template Injection Vulnerability(CVE-2022-22954)
24. threat[25566]:Lansweeper GetAssetsByGroupId SQL Injection Vulnerability(CVE-2022-21234)
25. threat[25567]:VMware Authentication Bypass Vulnerability(CVE-2022-22972)
26. threat[25568]:Microsoft Windows Support Diagnostic Tool Remote Code Execution Vulnerability(CVE-2022-30190)
27. threat[25565]:Apache APISIX batch-requests Remote Code Execution Vulnerability (CVE-2022-24112)
28. threat[25560]:Apache CouchDB Remote Code Execution Vulnerability(CVE-2022-24706)
29. threat[25561]:Webmin Command Injection Vulnerability (CVE-2019-15642)
30. threat[25563]:Spring Boot H2 Database RCE Vulnerability (CVE-2021-42392)
31. threat[25562]:Windows Network File System Remote Code Execution Vulnerability(CVE-2022-26937)
32. threat[25556]:CISCO ASA Arbitrary File Read Vulnerability(CVE-2020-3452)
33. threat[25558]:ZZZCMS Remote Code Execution Vulnerability (CVE-2021-32605)
34. threat[25559]:Dolibarr ERP and CRM Code Injection Vulnerability( CVE-2022-0819)
update rules:
1. threat[25182]:nps http proxy connection
2. app:ssl
3. threat[24891]:Advantech WISE-PaaS/RMM SQL Injection Vulnerability(CVE-2019-18229)
4. threat[41820]:HTTP CRLF Injection Attack
5. threat[41781]:Communication of FRP Intranet Penetration Tool
6. threat[41782]:FRP intranet penetration tool - Access via domain name
7. app:pop3
8. threat[22915]:Microsoft Internet Explorer Memory Corruption Vulnerability(CVE-2013-3914)(MS13-088)
9. threat[25556]:CISCO ASA Arbitrary File Read Vulnerability(CVE-2020-3452)
10. app:mqtt
11. threat[41820]:HTTP CRLF Injection Attack
12. threat[25556]:CISCO ASA Arbitrary File Read Vulnerability(CVE-2020-3452)
13. threat[23991]:Fastjson Remote Code Execution Vulnerability
14. threat[41766]:Godzilla Webshell JSP Scripts Upload
15. threat[25213]:Apache Shiro Authentication Bypass Vulnerability(CVE-2020-11989)
16. threat[41887]:Ngrok Intranet Penetration Tool Communication
17. threat[24835]:Discuz ML RCE Vulnerability (CVE-2019-13956)
Announcements:
1. After the package is applied, the system needs to restart; please perform the update at a suitable time.