Evening Monks, I come to you with another regex problem.
I am trying to parse Documents like this:
ICS-CERT ADVISORY ICSA-11-273-03A—ROCKWELL RSLOGIX DENIAL-OF-SERVICE VULNERABILITY October 06, 2011 OVERVIEW This Updated Advisory is a follow-up to the original Advisory titled “ +ICSA-11-273-03—Rockwell RSLogix denial-of-Service Vulnerability” that was published September +30, 2011 on the ICS-CERT web page. ICS-CERT is aware of a public report of a denial-of-service vulnerabil +ity in Rockwell Automation’s RSLogix application. --------- Begin Update X Part 1 of 2 -------- Rockwell has produced a patch that mitigates this vulnerability for al +l affected versions of FactoryTalk Services Platform and RSLogix 5000. --------- End Update X Part 1 of 2 ---------- AFFECTED PRODUCTS According to Rockwell Automation, the following products are affected: + • RSLogix 5000 software Versions V17, V18, and V19 • All FactoryTalk-branded software of specific Versions CPR9 and CPR9- +SR1 through SR4. IMPACT Successful exploitation of this vulnerability could result in a denial +-of-service. Impact to individual organizations depends on many factors that are un +ique to each organization. ICS-CERT recommends that organizations evaluate the impact of this vul +nerability based on their operational environment, architecture, and product implementation. BACKGROUND Rockwell Automation provides industrial automation control and informa +tion products worldwide, across a wide range of industries. RSLogix 5000 is a programming suite used to develop interfaces within +the control system environment. The FactoryTalk Services Platform is a collection of production and pe +rformance management systems. ICS-CERT Advisory ICSA-11-273-03A Page 1 of 3 VULNERABILITY CHARACTERIZATION VULNERABILITY OVERVIEW A Read Access violation can occur when a specially crafted packet is s +ent to open ports running the software. The open TCP ports are as follows: • 1330 • 4242 • 6543 • 1331 • 4445 • 9111 • 1332 • 4446 • 60093 • 4241 • 5241 • 49281 a A CVE-2011-3489 has been assigned to this vulnerability in the National +Vulnerability Database (NVD). CVSS base score of 5.0 has been assigned. VULNERABILITY DETAILS EXPLOITABILITY This vulnerability is remotely exploitable. EXISTENCE OF EXPLOIT Public exploits are known to target this vulnerability. DIFFICULTY An attacker with a low skill level can create the denial-of-service. MITIGATION --------- Begin Update X Part 2 of 2 -------- Rockwell Automation recommends that concerned customers using FactoryT +alk Services Platform Versions CPR9 and CPR9-SR1 through SR4 and customers using RSLogix ver +sions V17, V18, and V19 b apply patch AID 458689. Customers using FactoryTalk Services Platform CPR7 and earlier, and RS +Logix 5000 V16 and earlier, are not affected by this vulnerability. For full patching instructions and additional information, refer to Ro +ckwell Automation Security Advisory KB 456144. http://rockwellautomation.custhelp.com/app/answers/detail/a_id/456144. + --------- End Update X Part 2 of 2 ---------- a . http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3489, websi +te last accessed October 06, 2011. b. http://rockwellautomation.custhelp.com/app/answers/detail/a_id/4586 +89, website last accessed October 06, 2011. ICS-CERT Advisory ICSA-11-273-03A Page 2 of 3 ICS-CERT encourages asset owners to take additional defensive measures + to protect against this and other cybersecurity risks. • Minimize network exposure for all control system devices. Critical d +evices should not directly face the Internet. • Locate control system networks and remote devices behind firewalls, +and isolate them from the business network. • When remote access is required, use secure methods such as Virtual P +rivate Networks (VPNs), recognizing that VPN is only as secure as the connected devices. The Control Systems Security Program (CSSP) also provides a section fo +r control system security recommended practices on the CSSP web page. Several recommended practi +ces are available for reading and download, including Improving Industrial Control Systems Cybersecu +rity with Defense-in-Depth c Strategies. ICS-CERT reminds organizations to perform proper impact analysis and r +isk assessment prior to taking defensive measures. Organizations observing any suspected malicious activity should follow + their established internal procedures and report their findings to ICS-CERT for tracking and corr +elation against other incidents. ICS-CERT CONTACT For any questions related to this report, please contact ICS-CERT at: ics-cert@dhs.gov E-mail: Toll Free: 1-877-776-7585 For CSSP Information and Incident Reporting: www.ics-cert.org DOCUMENT FAQ What is an ICS-CERT Advisory? An ICS-CERT Advisory is intended to prov +ide awareness or solicit feedback from critical infrastructure owners and operators concerning +ongoing cyber events or activity with the potential to impact critical infrastructure computing network +s When is vulnerability attribution provided to researchers? Attribution + for vulnerability discovery is provided when prior coordination has occurred with either + the vendor, ICS-CERT, or other coordinating entity. ICS-CERT encourages researchers to coordinate vul +nerability details before public release. The public release of vulnerability details prior to the deve +lopment of proper mitigations may put industrial control systems (ICSs) and the public at avoidable risk. c. CSSP Recommended Practices, http://www.us-cert.gov/control_systems/ +practices/Recommended_Practices.html, website last accessed October 06, 2011. ICS-CERT Advisory ICSA-11-273-03A Page 3 of 3
if( $stdout =~ /(?:OVERVIEW|SUMMARY)(.+)(?:AFFECTED\sPRODUCTS|BACKGROU +ND)/s ) { print "$1\n"; }
...and this is my output
This Updated Advisory is a follow-up to the original Advisory titled “ +ICSA-11-273-03—Rockwell RSLogix denial-of-Service Vulnerability” that was published September +30, 2011 on the ICS-CERT web page. ICS-CERT is aware of a public report of a denial-of-service vulnerabil +ity in Rockwell Automation’s RSLogix application. --------- Begin Update X Part 1 of 2 -------- Rockwell has produced a patch that mitigates this vulnerability for al +l affected versions of FactoryTalk Services Platform and RSLogix 5000. --------- End Update X Part 1 of 2 ---------- AFFECTED PRODUCTS According to Rockwell Automation, the following products are affected: + • RSLogix 5000 software Versions V17, V18, and V19 • All FactoryTalk-branded software of specific Versions CPR9 and CPR9- +SR1 through SR4. IMPACT Successful exploitation of this vulnerability could result in a denial +-of-service. Impact to individual organizations depends on many factors that are un +ique to each organization. ICS-CERT recommends that organizations evaluate the impact of this vul +nerability based on their operational environment, architecture, and product implementation.
I wanted the output to be:
This Updated Advisory is a follow-up to the original Advisory titled “ +ICSA-11-273-03—Rockwell RSLogix denial-of-Service Vulnerability” that was published September +30, 2011 on the ICS-CERT web page. ICS-CERT is aware of a public report of a denial-of-service vulnerabil +ity in Rockwell Automation’s RSLogix application. --------- Begin Update X Part 1 of 2 -------- Rockwell has produced a patch that mitigates this vulnerability for al +l affected versions of FactoryTalk Services Platform and RSLogix 5000. --------- End Update X Part 1 of 2 ----------
What am I doing wrong?
In reply to Regex problem by jayto
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |