ELNet Energy meter & Electrical Powermeter vulnerabilities – another case of poor software security practices.
Multiple security issues in Powerlogic/Schneider Electric IONXXXX series power meters
The following IONXXXX series power meter versions are affected:
ION8800 series, and
Halliburton LogView Pro 9.7.5 – (.cgm/.tif/.tiff/.tifh) Denial of Service Crash exploit
mySCADAPro v7 Local Privilege Escalation
Reporting a vulnerability in mySCADAPro version 7 (current version).
Vendor: mySCADA Technologies s.r.o.
Product web page: https://www.myscada.org/
Affected application: myscadaPro
Affected version: v7 (Current version)
Exploiting RS232-NET Converter (model JTC-200)
Seen deployed in:
CHTD, Chunghwa Telecom Co., Ltd. (Taiwan)
HiNet (Taiwan & China)
PT Comunicacoes (Portugal)
Sony Network Taiwan Limited (Taiwan)
Vodafone Portugal (Portugal)
On a recent pentest, I came across CIMA DocuClass Enterprise Content Management application. I found multiple security vulnerabilities which can lead to unauthorized access to stored documents, access to underlying database, and code execution on the server via SQL Injection.
No response from vendor as expected. Read on.
Couple of days back, I posted multiple vulnerabilities in Sierra Wireless Raven XE & XT devices on Full Disclosure list, and here:
ICS-CERT team confirmed yesterday they have released an alert on this report as well now:
Solving Exploit Exercises – nebula level14
Solving Exploit Exercises – nebula level13
Solving Exploit Exercises – nebula level12