Cambium SNMP Security Vulnerabilities
Cambium ePMP 1000
Cambium ePMP 2000
Cambium PMP XXX
Cambium ForceXXX models
Potentially all other models
These vulnerabilities may allow an attacker to access the device configuration as well as make unauthorized changes to it.
Read on for the details.
1. No access control on the remote shell
2. Shell services running with excessive privileges (superuser)
3. OS Command Injection
4. Insecure Transport
Read on for details and PoC.
ICS-CERT published an advisory on one of my reports recently –
LCDS – Leão Consultoria e Desenvolvimento de Sistemas LTDA ME LAquis SCADA Access Control Vulnerability
Vendor: LCDS – Leão Consultoria e Desenvolvimento de Sistemas LTDA ME
Equipment: LAquis SCADA
Vulnerability: Improper Access Control
Hacking Binom3 Electric Power Quality Meters
ELNet Energy meter & Electrical Powermeter vulnerabilities – another case of poor software security practices.
Reported multiple security issues in Powerlogic/Schneider Electric IONXXXX series power meters
Reported to ICS-CERT – July 2016
Advisory published – Nov 2016
The following IONXXXX series power meter versions are affected:
ION8800 series, and
Exploiting RS232-NET Converter (model JTC-200)
Seen deployed in:
CHTD, Chunghwa Telecom Co., Ltd. (Taiwan)
HiNet (Taiwan & China)
PT Comunicacoes (Portugal)
Sony Network Taiwan Limited (Taiwan)
Vodafone Portugal (Portugal)
On a recent pentest, I came across the CIMA DocuClass Enterprise Content Management application. I found multiple security vulnerabilities which can lead to unauthorized access to stored documents, access to the underlying database, and code execution on the server via SQL Injection.
No response from vendor as expected. Read on.
[ICS] Multiple vulnerabilities in Sierra Wireless AirLink Raven XE Industrial 3G Gateway
The Sierra Wireless Raven XE and XT wireless gateways are used in the following industries and applications: utilities, manufacturing, automation, oil and gas, Ethernet-based SCADA, and telemetry.