CVE-2023-3595, CVE-2023-3596: Rockwell Automation ControlLogix Vulnerabilities Disclosed


</p> <p><strong>Rockwell Automation issues advisory for multiple vulnerabilities, including a critical flaw that could lead to disruption or destruction of critical infrastructure processes.</strong></p> <h2>Background</h2> <p>On July 12, Rockwell Automation <a href="https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140010"><u>published an advisory</u></a> for multiple vulnerabilities in its Allen-Bradley ControlLogix Communications Modules. ControlLogix Communications Modules are used in many industries and sectors, including energy, transportation and water, among others, to enable communication between machines, IT systems and remote chassis.</p> <div class="table-responsive"> <table class="table"> <thead> <tr> <th><strong>CVE</strong></th> <th><strong>Description</strong></th> <th><strong>CVSSv3</strong></th> <th><strong>Severity</strong></th> </tr> </thead> <tbody> <tr> <td>CVE-2023-3595</td> <td>Rockwell Automation Allen-Bradley ControlLogix Communication Modules Remote Code Execution vulnerability</td> <td>9.8</td> <td>Critical</td> </tr> <tr> <td>CVE-2023-3596</td> <td>Rockwell Automation Allen-Bradley ControlLogix Communication Modules Denial of Service vulnerability</td> <td>7.5</td> <td>High</td> </tr> </tbody> </table> </div> <p>It is important to note these modules can be implemented in multiple logical (and physical) configurations. A 1756 ControlLogix Chassis can have up to 17 modules installed in a local chassis. It is common to have multiple network interfaces (physical network cards) configured to bridge and/or segment networks in industrial environments.</p> <h2>Analysis</h2> <p>CVE-2023-3595 is a remote code execution (RCE) vulnerability in Rockwell Automation Allen-Bradley ControlLogix Communication Modules for its 1756 EN2* and 1756 EN3* product families. An attacker could exploit this vulnerability to gain RCE on a vulnerable module by sending specially crafted common industrial protocol (CIP) messages. This risk of exploitation is amplified if the module is not segmented from the internet. Successful exploitation could give an attacker the ability to compromise the memory of a vulnerable module, enabling the attacker to:</p> <ul> <li>Manipulate the firmware of a module</li> <li>Add new functionality into a module</li> <li>Wipe the memory of a module</li> <li>Forge traffic between a module</li> <li>Obtain persistence on a module</li> </ul> <p>In addition to the compromise of the vulnerable module itself, the vulnerability could also allow an attacker to affect the industrial process along with the underlying critical infrastructure, which may result in possible disruption or destruction.</p> <p>CVE-2023-3596 is a denial of service (DoS) vulnerability in Rockwell Automation Allen-Bradley ControlLogix Communication Modules for its 1756 EN4* product family. An attacker could exploit this vulnerability to cause a DoS condition on a target system by sending specially crafted CIP messages to a vulnerable device.</p> <p>At the time this blog post was published, there was no evidence of active exploitation involving either vulnerability.</p> <h2>Solution</h2> <p>Rockwell Automation has released fixed firmware versions for certain versions of its ControlLogix modules:</p> <div class="table-responsive"> <table class="table"> <thead> <tr> <th> <p><strong>ControlLogix catalog</strong></p> </th> <th> <p><strong>Series</strong></p> </th> <th> <p><strong>Affected versions</strong></p> </th> <th> <p><strong>Fixed versions</strong></p> </th> </tr> </thead> <tbody> <tr> <td rowspan="2"> <p>1756-EN2T<br />1756-EN2TK<br />1756-EN2TXT</p> </td> <td> <p>A,B,C</p> </td> <td> <p><=5.008 & 5.028</p> </td> <td> <p>5.029 for signed version (recommended)<br />5.009 for unsigned version</p> </td> </tr> <tr> <td> <p>D</p> </td> <td> <p>11.003 and lower</p> </td> <td> <p>11.004 and later</p> </td> </tr> <tr> <td> <p>1756-EN2TP<br />1756-EN2TPK<br />1756-EN2TPXT</p> </td> <td> <p>A</p> </td> <td> <p>11.003 and lower</p> </td> <td> <p>11.004 and later</p> </td> </tr> <tr> <td rowspan="2"> <p>1756-EN2TR<br />1756-EN2TRK<br />1756-EN2TRXT</p> </td> <td> <p>A,B</p> </td> <td> <p><=5.008 & 5.028</p> </td> <td> <p>5.029 for signed version (recommended)<br />5.009 for unsigned version</p> </td> </tr> <tr> <td> <p>C</p> </td> <td> <p>11.003 and lower</p> </td> <td> <p>11.004 and later</p> </td> </tr> <tr> <td rowspan="2"> <p>1756-EN2F<br />1756-EN2FK</p> </td> <td> <p>A, B</p> </td> <td> <p><=5.008 & 5.028</p> </td> <td> <p>5.029 for signed version (recommended)<br />5.009 for unsigned version</p> </td> </tr> <tr> <td> <p>C</p> </td> <td> <p>11.003 and lower</p> </td> <td> <p>11.004 and later</p> </td> </tr> <tr> <td rowspan="2"> <p>1756-EN3TR<br />1756-EN3TRK</p> </td> <td> <p>A</p> </td> <td> <p><=5.008 & 5.028</p> </td> <td> <p>5.029 for signed version (recommended)<br />5.009 for unsigned version</p> </td> </tr> <tr> <td> <p>B</p> </td> <td> <p><=11.003</p> </td> <td> <p>Update to 11.004 or later</p> </td> </tr> <tr> <td> <p>1756-EN4TR<br />1756-EN4TRK<br />1756-EN4TRXT</p> </td> <td> <p>A</p> </td> <td> <p><=5.001</p> </td> <td> <p>Update to 5.002 and later</p> </td> </tr> </tbody> </table> </div> <p>Some of the best practices include proper segmentation of control networks and utilizing intrusion detection system (IDS) signatures to help identify “anomalous Common Industrial Protocol (CIP)” traffic to vulnerable devices.</p> <h2>Identifying affected systems</h2> <p>To identify affected systems, Tenable has released the following plugins available for Tenable OT Security (formerly Tenable.ot), Tenable Vulnerability Management (formerly Tenable.io), Tenable Security Center (formerly Tenable.sc) and Tenable Nessus:</p> <div class="table-responsive"> <table class="table"> <thead> <tr> <th><strong>Plugin ID</strong></th> <th><strong>Title</strong></th> <th><strong>Severity</strong></th> <th><strong>Family</strong></th> </tr> </thead> <tbody> <tr> <td><a href="https://www.tenable.com/plugins/nessus/177893"><u>177893</u></a></td> <td>Rockwell Automation ControlLogix Communications Modules Resiliency Update</td> <td>High</td> <td>SCADA</td> </tr> <tr> <td><a href="https://www.tenable.com/plugins/ot/501226"><u>501226</u></a></td> <td>Rockwell Automation ControlLogix Communications Modules Resiliency Update</td> <td>High</td> <td>Tenable OT Security</td> </tr> </tbody> </table> </div> <p>For urgency, Tenable customers can utilize the SCADA plugin to scan for vulnerable devices using Tenable Vulnerability Management, Tenable Security Center and Tenable Nessus. However, for greater visibility regarding the impact to your networks, we strongly encourage customers to utilize our Tenable OT Security plugins. For more information on using Tenable OT Security to identify vulnerable assets, please check out the blog post <a href="https://www.tenable.com/blog/finding-rockwell-automation-allen-bradley-communication-modules-affected-by-cve-2023-3595-3596">Finding Rockwell Automation Allen-Bradley Communication Modules Affected By CVE-2023-3595, CVE-2023-3596 in OT Environments</a>.</p> <p>In addition to these plugins, Tenable Research recommends customers use the following IDS event rule IDs (SIDs) in Tenable OT Security to detect potentially compromised Communications Adapters:</p> <div class="table-responsive"> <table class="table"> <thead> <tr> <th><strong>SID</strong></th> <th><strong>Message</strong></th> </tr> </thead> <tbody> <tr> <td>1992000</td> <td>PROTOCOL-SCADA ENIP CIP Socket Object unconnected read with unusual length detected.</td> </tr> <tr> <td>1992001</td> <td>PROTOCOL-SCADA ENIP CIP Socket Object unconnected ucmm read with unusual length detected.</td> </tr> <tr> <td>1992002</td> <td>PROTOCOL-SCADA ENIP CIP Socket Object connected read with unusual length detected.</td> </tr> <tr> <td>1992003</td> <td>PROTOCOL-SCADA ENIP CIP Socket Object connected ucmm read with unusual length detected.</td> </tr> <tr> <td>1992004</td> <td>PROTOCOL-SCADA ENIP CIP Vendor Specific Object unconnected parameter 1 contains unusual length.</td> </tr> <tr> <td>1992005</td> <td>PROTOCOL-SCADA ENIP CIP Vendor Specific Object unconnected parameter 2 contains unusual length.</td> </tr> <tr> <td>1992006</td> <td>PROTOCOL-SCADA ENIP CIP Vendor Specific Object unconnected ucmm parameter 1 contains unusual length.</td> </tr> <tr> <td>1992007</td> <td>PROTOCOL-SCADA ENIP CIP Vendor Specific Object unconnected ucmm parameter 2 with unusual length.</td> </tr> <tr> <td>1992008</td> <td>PROTOCOL-SCADA ENIP CIP Vendor Specific Object connected parameter 1 contains unusual length.</td> </tr> <tr> <td>1992009</td> <td>PROTOCOL-SCADA ENIP CIP Vendor Specific Object connected parameter 2 with unusual length.</td> </tr> <tr> <td>1992010</td> <td>PROTOCOL-SCADA ENIP CIP Vendor Specific Object connected ucmm parameter 1 contains unusual length.</td> </tr> <tr> <td>1992011</td> <td>PROTOCOL-SCADA ENIP CIP Vendor Specific Object connected ucmm parameter 2 contains unusual length.</td> </tr> </tbody> </table> </div> <p>For more information on how to utilize these SIDs in Tenable OT Security, please refer to the <a href="https://community.tenable.com/s/article/Tenable-OT-Security-Creating-new-IDS-Threat-related-Policies"><u>following knowledge base article</u></a>.</p> <p>We will update this blog post when/if additional coverage becomes available.</p> <h3>Get more information</h3> <p><b><i>Join <a href="https://community.tenable.com/s/group/0F9f2000000fyxyCAA/cyber-exposure-alerts">Tenable’s Security Response Team</a> on the Tenable Community.</i></b></p> <p><b><i>Learn more about <a href="https://www.tenable.com/products/tenable-one"><u>Tenable One</u></a>, the Exposure Management Platform for the modern attack surface.</i></b></p> </div> <p><br /> <br /><a href="https://www.tenable.com/blog/cve-2023-3595-cve-2023-3596-rockwell-automation-controllogix-vulnerabilities-disclosed">Source link </a></p> </div><!-- .entry-content --> <footer class="entry-footer"> <span class="cat-links"> Posted in <a href="https://unifiedguru.com/category/rss_virtulization/" rel="category tag">RSS_Virtulization</a> </span> </footer><!-- .entry-footer --> </article><!-- #post-## --> <nav class="navigation post-navigation" aria-label="Posts"> <h2 class="screen-reader-text">Post navigation</h2> <div class="nav-links"><div class="nav-previous"><a href="https://unifiedguru.com/finding-rockwell-automation-allen-bradley-communication-modules-affected-by-cve-2023-3595-and-cve-2023-3596-in-ot-environments/" rel="prev">Finding Rockwell Automation Allen-Bradley Communication Modules Affected by CVE-2023-3595 and CVE-2023-3596 in OT Environments</a></div><div class="nav-next"><a href="https://unifiedguru.com/crypto-crime-down-62-but-ransomware-activity-surges/" rel="next">Crypto Crime Down 62% but Ransomware Activity Surges</a></div></div> </nav> </main><!-- #main --> </div><!-- #primary --> <div id="secondary-right" class="widget-area secondary-sidebar f-right clearfix" role="complementary"> <div id="sidebar-section-top" class="widget-area sidebar clearfix"> <aside id="newsletterwidget-10" class="widget widget_newsletterwidget"><h3 class="widget-title"><span>Subscribe For Updates</span></h3><div class="tnp tnp-subscription tnp-widget"> <form method="post" action="https://unifiedguru.com/wp-admin/admin-ajax.php?action=tnp&na=s"> <input type="hidden" name="nr" value="widget"> <input type="hidden" name="nlang" value=""> <div class="tnp-field tnp-field-firstname"><label for="tnp-1">Name</label> <input class="tnp-name" type="text" name="nn" id="tnp-1" value="" placeholder=""></div> <div class="tnp-field tnp-field-email"><label for="tnp-2">Email</label> <input class="tnp-email" type="email" name="ne" id="tnp-2" value="" placeholder="" required></div> <div class="tnp-field tnp-privacy-field"><label><input type="checkbox" name="ny" required class="tnp-privacy"> Subscribing I accept the privacy rules of this site</label></div><div class="tnp-field tnp-field-button" style="text-align: left"><input class="tnp-submit" type="submit" value="Subscribe Now For Updates" style=""> </div> </form> </div> </aside> </div> <div id="sidebar-section-cat-one" class="widget-area sidebar clearfix"> <div class="widget"> <h2 class="block-title"><span class="bordertitle-red"></span>VMWARE</h2> <div class="featured-post-sidebar"> <figure class="post-thumb clearfix"> <a href="https://unifiedguru.com/helping-public-sector-organisations-define-cloud-strategy/" title="Helping Public Sector Organisations Define Cloud Strategy" ><img post-id="1207" fifu-featured="1" src="https://simoncranney.files.wordpress.com/2019/10/cropped-network.jpeg?w=200" alt="Helping Public Sector Organisations Define Cloud Strategy" title="Helping Public Sector Organisations Define Cloud Strategy" title="Helping Public Sector Organisations Define Cloud Strategy" /></a> </figure> <div class="post-desc"> <div class="post-date"><i class="fa fa-calendar"></i>October 29, 2020</div> <h3><a href="https://unifiedguru.com/helping-public-sector-organisations-define-cloud-strategy/" title="Helping Public Sector Organisations Define Cloud Strategy" >Helping Public Sector Organisations Define Cloud Strategy</a></h3> <p class="side-excerpt">Introduction Cloud computing services have grown exponentially in</p> </div> </div> <div class="featured-post-sidebar"> <div class="post-desc"> <div class="post-date"><i class="fa fa-calendar"></i>May 18, 2016</div> <h3><a href="https://unifiedguru.com/how-to-change-the-vlan-id-of-the-service-console-in-esx-from-the-command-lineconsole/" title="How to change the VLAN ID of the Service Console in ESX from the command line/console" >How to change the VLAN ID of the Service Console in ESX from the command line/console</a></h3> </div> </div> <div class="featured-post-sidebar"> <div class="post-desc"> <div class="post-date"><i class="fa fa-calendar"></i>June 09, 2015</div> <h3><a href="https://unifiedguru.com/cisco-ucs-and-vmware-interfaces-vnics-ha-design-considerations/" title="Cisco UCS and Vmware Interfaces (Vnics) HA Design Considerations" >Cisco UCS and Vmware Interfaces (Vnics) HA Design Considerations</a></h3> </div> </div> <div class="featured-post-sidebar"> <div class="post-desc"> <div class="post-date"><i class="fa fa-calendar"></i>June 07, 2015</div> <h3><a href="https://unifiedguru.com/troubleshooting-network-and-tcpudp-port-connectivity-issues-on-esxesxi2020669/" title="Troubleshooting network and TCP/UDP port connectivity issues on ESX/ESXi(2020669)" >Troubleshooting network and TCP/UDP port connectivity issues on ESX/ESXi(2020669)</a></h3> </div> </div> <div class="featured-post-sidebar"> <div class="post-desc"> <div class="post-date"><i class="fa fa-calendar"></i>May 12, 2015</div> <h3><a href="https://unifiedguru.com/vsphere-client-parameters/" title="vSphere Client Parameters" >vSphere Client Parameters</a></h3> </div> </div> <div class="view-all-link"><a href="https://unifiedguru.com/category/vmware/" title="View All">View All</a></div> </div> </div> <div id="sidebar-section-cat-two" class="widget-area sidebar clearfix"> <div class="widget"> <h2 class="block-title"><span class="bordertitle-red"></span>Configuration Templates</h2> <div class="featured-post-sidebar clearfix"> <figure class="post-thumb clearfix"> </figure> <div class="post-desc"> <div class="post-date"><i class="fa fa-calendar"></i>February 16, 2015</div> <h3><a href="https://unifiedguru.com/cue-licenses/" title="CUE Licenses" >CUE Licenses</a></h3> <p class="side-excerpt">Note: Useful LINK COPIED FROM OTHER SOURCE FOR REFERENCE INTRODUCTION</p> </div> </div> <div class="featured-post-sidebar clearfix"> <div class="post-desc"> <div class="post-date"><i class="fa fa-calendar"></i>February 02, 2015</div> <h3><a href="https://unifiedguru.com/trouble-shooting-unity-express-with-call-manager-integeration-operational-issues/" title="Trouble shooting Unity Express with Call Manager Integeration & Operational Issues" >Trouble shooting Unity Express with Call Manager Integeration & Operational Issues</a></h3> </div> </div> <div class="featured-post-sidebar clearfix"> <div class="post-desc"> <div class="post-date"><i class="fa fa-calendar"></i>November 08, 2014</div> <h3><a href="https://unifiedguru.com/%ef%bb%bfcme-configuration-example-sip-trunks-to-viatalk-and-voip-ms/" title="CME Configuration Example: SIP Trunks to Viatalk and VoIP.ms" >CME Configuration Example: SIP Trunks to Viatalk and VoIP.ms</a></h3> </div> </div> <div class="featured-post-sidebar clearfix"> <div class="post-desc"> <div class="post-date"><i class="fa fa-calendar"></i>November 08, 2014</div> <h3><a href="https://unifiedguru.com/sip-phone-registration-cme-configuration/" title="SIP Phone registration – CME Configuration" >SIP Phone registration – CME Configuration</a></h3> </div> </div> <div class="featured-post-sidebar clearfix"> <div class="post-desc"> <div class="post-date"><i class="fa fa-calendar"></i>November 08, 2014</div> <h3><a href="https://unifiedguru.com/cue-voicemail-vpim-networking-cue-to-unity/" title="CUE Voicemail + VPIM networking (CUE to unity)" >CUE Voicemail + VPIM networking (CUE to unity)</a></h3> </div> </div> <div class="view-all-link"><a href="https://unifiedguru.com/category/configuration-templates/" title="View All">View All</a></div> </div> </div> </div> </div><!-- #content --> </div><!-- content-wrapper--> <footer id="colophon" class="site-footer clearrfix" role="contentinfo"> <div class="wrapper footer-wrapper clearfix"> <div class="top-bottom clearfix"> <div id="footer-top"> </div><!-- #foter-top --> <div id="footer-bottom"> </div><!-- #foter-bottom --> </div><!-- top-bottom--> <div class="footer-copyright border t-center"> <p> Copyright 2016. All rights reserved </p> <div class="site-info"> <a href="https://wordpress.org/">Proudly powered by WordPress</a> <span class="sep"> | </span> Profitmag by <a href="http://rigorousthemes.com/" rel="designer">Rigorous Themes</a> </div><!-- .site-info --> </div> </div><!-- footer-wrapper--> </footer><!-- #colophon --> </div><!-- #page --> <div class="a2a_kit a2a_kit_size_32 a2a_floating_style a2a_default_style" style="bottom:0px;left:0px;background-color:#23d5db"><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Funifiedguru.com%2Fcve-2023-3595-cve-2023-3596-rockwell-automation-controllogix-vulnerabilities-disclosed%2F&linkname=CVE-2023-3595%2C%20CVE-2023-3596%3A%20Rockwell%20Automation%20ControlLogix%20Vulnerabilities%20Disclosed" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Funifiedguru.com%2Fcve-2023-3595-cve-2023-3596-rockwell-automation-controllogix-vulnerabilities-disclosed%2F&linkname=CVE-2023-3595%2C%20CVE-2023-3596%3A%20Rockwell%20Automation%20ControlLogix%20Vulnerabilities%20Disclosed" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_pinterest" href="https://www.addtoany.com/add_to/pinterest?linkurl=https%3A%2F%2Funifiedguru.com%2Fcve-2023-3595-cve-2023-3596-rockwell-automation-controllogix-vulnerabilities-disclosed%2F&linkname=CVE-2023-3595%2C%20CVE-2023-3596%3A%20Rockwell%20Automation%20ControlLogix%20Vulnerabilities%20Disclosed" title="Pinterest" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Funifiedguru.com%2Fcve-2023-3595-cve-2023-3596-rockwell-automation-controllogix-vulnerabilities-disclosed%2F&linkname=CVE-2023-3595%2C%20CVE-2023-3596%3A%20Rockwell%20Automation%20ControlLogix%20Vulnerabilities%20Disclosed" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_whatsapp" href="https://www.addtoany.com/add_to/whatsapp?linkurl=https%3A%2F%2Funifiedguru.com%2Fcve-2023-3595-cve-2023-3596-rockwell-automation-controllogix-vulnerabilities-disclosed%2F&linkname=CVE-2023-3595%2C%20CVE-2023-3596%3A%20Rockwell%20Automation%20ControlLogix%20Vulnerabilities%20Disclosed" title="WhatsApp" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_print" href="https://www.addtoany.com/add_to/print?linkurl=https%3A%2F%2Funifiedguru.com%2Fcve-2023-3595-cve-2023-3596-rockwell-automation-controllogix-vulnerabilities-disclosed%2F&linkname=CVE-2023-3595%2C%20CVE-2023-3596%3A%20Rockwell%20Automation%20ControlLogix%20Vulnerabilities%20Disclosed" title="Print" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_google_gmail" href="https://www.addtoany.com/add_to/google_gmail?linkurl=https%3A%2F%2Funifiedguru.com%2Fcve-2023-3595-cve-2023-3596-rockwell-automation-controllogix-vulnerabilities-disclosed%2F&linkname=CVE-2023-3595%2C%20CVE-2023-3596%3A%20Rockwell%20Automation%20ControlLogix%20Vulnerabilities%20Disclosed" title="Gmail" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div><div class="mb_supershare_holder"> <div id="openModal" class="mb_supershare_modalDialog"> <div style="background:url(https://unifiedguru.com/wp-content/plugins/super-share/img/struckaxiom.png) repeat;"> <div class="mb_supershare_ribbon"><div class="mb_supershare_ribbon-stitches-top"></div><strong class="mb_supershare_ribbon-content"><span style="font-size: 24px; line-height: 2;"> Love This Article? Spread It. </span></strong><div class="mb_supershare_ribbon-stitches-bottom"></div></div> <div class="mb_supershare_close">X</div> <!-- facebook need this script --> <div id="fb-root"></div> <script>(function(d, s, id) { var js, fjs = d.getElementsByTagName(s)[0]; if (d.getElementById(id)) return; js = d.createElement(s); js.id = id; js.src = "//connect.facebook.net/en_US/all.js#xfbml=1"; fjs.parentNode.insertBefore(js, fjs); }(document, 'script', 'facebook-jssdk'));</script> <div class="social_icons_style" style="width:320px; margin-left:25px; margin-top:20px; margin 0 auto; overflow:visible"> <ul> <li style="overflow:hidden; width: 49px;"> <!-- facebook like button --> <div class="fb-like" data-href="https://unifiedguru.com:443/cve-2023-3595-cve-2023-3596-rockwell-automation-controllogix-vulnerabilities-disclosed/" data-width="450" data-height="The pixel height of the plugin" data-colorscheme="light" data-layout="box_count" data-action="like" data-show-faces="false" data-send="false"></div> </li> <li> <!-- G+ button --> <!-- Place this tag where you want the +1 button to render. --> <div class="g-plusone" data-size="tall" data-href=""></div> <!-- Place this tag after the last +1 button tag. --> <script type="text/javascript"> (function() { var po = document.createElement('script'); po.type = 'text/javascript'; po.async = true; po.src = 'https://apis.google.com/js/plusone.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(po, s); })(); </script> </li> <li> <!-- Twitter button --> <a href="https://twitter.com/share" class="twitter-share-button" data-url="" data-via="" data-lang="en" data-related="anywhereTheJavascriptAPI" data-count="vertical">Tweet</a> <script>!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0];if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src="https://platform.twitter.com/widgets.js";fjs.parentNode.insertBefore(js,fjs);}}(document,"script","twitter-wjs");</script> </li> <li> <!-- Linkedin button --> <script src="//platform.linkedin.com/in.js" type="text/javascript"></script> <script type="IN/Share" data-url="" data-counter="top"></script> </li> <li> <!-- StumbleUpon button --> <!-- Place this tag where you want the su badge to render --> <su:badge layout="5" location=""> </su:badge> <!-- Place this snippet wherever appropriate --> <script type="text/javascript"> (function() { var li = document.createElement('script'); li.type = 'text/javascript'; li.async = true; li.src = ('https:' == document.location.protocol ? 'https:' : 'http:') + '//platform.stumbleupon.com/1/widgets.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(li, s); })(); </script> </li> </ul> </div> </div> <!--DIV--> </div> <!--modalDialog--> </div> <!--mb_supershare_holder--> <script> jQuery(document).ready(function($) { $is_closed="no"; jQuery(document).scroll(function() { if(jQuery('article').length){ //For typical wordpress templates $afterpost = jQuery("article").position().top + jQuery("article").height()-(jQuery("article").height()/3); } else { //For Thesis framework $afterpost = jQuery(".content").position().top + jQuery(".post_box").height()-(jQuery(".post_box").height()/3); } if(jQuery(window).scrollTop() >= $afterpost && $is_closed=="no"){ jQuery(".mb_supershare_modalDialog").css({"display":"block"}); jQuery(".mb_supershare_modalDialog").animate({opacity:"1"},1000); } else{ jQuery(".mb_supershare_modalDialog").css({"display":"none"}); } }); jQuery(".mb_supershare_close").bind("click", function() { jQuery(".mb_supershare_modalDialog").fadeOut("slow"); $is_closed="yes"; setTimeout(function() { jQuery(".mb_supershare_modalDialog").css({"display":"none"}); }, 2000); }); }); </script> <script type='text/javascript'> const lazyloadRunObserver = () => { const lazyloadBackgrounds = document.querySelectorAll( `.e-con.e-parent:not(.e-lazyloaded)` ); const lazyloadBackgroundObserver = new IntersectionObserver( ( entries ) => { entries.forEach( ( entry ) => { if ( entry.isIntersecting ) { let lazyloadBackground = entry.target; if( lazyloadBackground ) { lazyloadBackground.classList.add( 'e-lazyloaded' ); } lazyloadBackgroundObserver.unobserve( entry.target ); } }); }, { rootMargin: '200px 0px 200px 0px' } ); lazyloadBackgrounds.forEach( ( lazyloadBackground ) => { lazyloadBackgroundObserver.observe( lazyloadBackground ); } ); }; const events = [ 'DOMContentLoaded', 'elementor/lazyload/observe', ]; events.forEach( ( event ) => { document.addEventListener( event, lazyloadRunObserver ); } ); </script> <script type="text/javascript" src="https://unifiedguru.com/wp-includes/js/dist/hooks.min.js?ver=4d63a3d491d11ffd8ac6" id="wp-hooks-js"></script> <script type="text/javascript" src="https://unifiedguru.com/wp-includes/js/dist/i18n.min.js?ver=5e580eb46a90c2b997e6" id="wp-i18n-js"></script> <script type="text/javascript" id="wp-i18n-js-after"> /* <![CDATA[ */ wp.i18n.setLocaleData( { 'text direction\u0004ltr': [ 'ltr' ] } ); /* ]]> */ </script> <script type="text/javascript" src="https://unifiedguru.com/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=6.0.2" id="swv-js"></script> <script type="text/javascript" id="contact-form-7-js-before"> /* <![CDATA[ */ var wpcf7 = { "api": { "root": "https:\/\/unifiedguru.com\/wp-json\/", "namespace": "contact-form-7\/v1" } }; /* ]]> */ </script> <script type="text/javascript" src="https://unifiedguru.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=6.0.2" id="contact-form-7-js"></script> <script type="text/javascript" src="https://unifiedguru.com/wp-content/themes/profitmag/js/jquery.bxslider.js?ver=6.7.1" id="bxslider-js"></script> <script type="text/javascript" src="https://unifiedguru.com/wp-content/themes/profitmag/js/jquery.ticker.js?ver=6.7.1" id="ticker-js"></script> <script type="text/javascript" src="https://unifiedguru.com/wp-content/themes/profitmag/js/jquery.mCustomScrollbar.min.js?ver=1.0.0" id="mCustomScrollbar-js"></script> <script type="text/javascript" src="https://unifiedguru.com/wp-content/themes/profitmag/js/jquery.mousewheel.min.js?ver=2.0.19" id="mousewheel-js"></script> <script type="text/javascript" src="https://unifiedguru.com/wp-content/themes/profitmag/js/navigation.js?ver=20120206" id="profitmag-navigation-js"></script> <script type="text/javascript" src="https://unifiedguru.com/wp-content/themes/profitmag/js/keyboard-navigation.js?ver=20120206" id="profitmag-keyboard-navigation-js"></script> <script type="text/javascript" src="https://unifiedguru.com/wp-content/themes/profitmag/js/custom.js?ver=1.0" id="profitmag-custom-js"></script> <script type="text/javascript" src="https://unifiedguru.com/wp-content/plugins/slidedeck/js/jail.js?ver=5.4.1" id="jail-js"></script> <script type="text/javascript" src="https://unifiedguru.com/wp-content/plugins/slidedeck/js/jquery-mousewheel/jquery.mousewheel.min.js?ver=3.0.6" id="scrolling-js-js"></script> <script type="text/javascript" src="https://unifiedguru.com/wp-content/plugins/slidedeck/js/jquery.easing.1.3.js?ver=1.3" id="jquery-easing-js"></script> <script type="text/javascript" src="https://unifiedguru.com/wp-content/plugins/slidedeck/js/slidedeck.jquery.js?ver=1.4.1" id="slidedeck-library-js-js"></script> <script type="text/javascript" src="https://unifiedguru.com/wp-content/plugins/slidedeck/js/slidedeck-public.js?ver=5.4.1" id="slidedeck-public-js"></script> <script type="text/javascript" src="https://platform.twitter.com/widgets.js?ver=1316526300" id="twitter-intent-api-js"></script> <script type="text/javascript" id="fifu-json-ld-js-extra"> /* <![CDATA[ */ var fifuJsonLd = {"url":"https:\/\/www.tenable.com\/sites\/default\/files\/styles\/640x360\/public\/images\/articles\/blog_tenable-research_advisory_tile.jpg?itok=_q2jNVJv"}; /* ]]> */ </script> <script type="text/javascript" src="https://unifiedguru.com/wp-content/plugins/featured-image-from-url/includes/html/js/json-ld.js?ver=4.9.5" id="fifu-json-ld-js"></script> <script type="text/javascript"> var slideDeck2URLPath = "https://unifiedguru.com/wp-content/plugins/slidedeck"; var slideDeck2iframeByDefault = false; </script> </body> </html>