Tag: CSRF

security advisory

[ICS] Multiple vulnerabilities – Powerlogic/Schneider Electric IONXXXX series Smart Meters

Multiple security issues in Powerlogic/Schneider Electric IONXXXX series power meters

The following IONXXXX series power meter versions are affected:
ION73XX series,
ION75XX series,
ION76XX series,
ION8650 series,
ION8800 series, and
PM5XXX series.

security advisory

RS232-NET Converter (model JTC-200) – Multiple vulnerabilities

Exploiting RS232-NET Converter (model JTC-200)

Seen deployed in:
CHTD, Chunghwa Telecom Co., Ltd. (Taiwan)
HiNet (Taiwan & China)
PT Comunicacoes (Portugal)
Sony Network Taiwan Limited (Taiwan)
Vodafone Portugal (Portugal)

security advisory

CIMA DocuClass Enterprise Content Management – Multiple Vulnerabilities

On a recent pentest, I came across CIMA DocuClass Enterprise Content Management application. I found multiple security vulnerabilities which can lead to unauthorized access to stored documents, access to underlying database, and code execution on the server via SQL Injection.

No response from vendor as expected. Read on.

security advisory

[ICS] Sierra Wireless AirLink Raven XE Industrial 3G Gateway – Multiple Vulnerabilities

Multiple vulnerabilities in Sierra Wireless AirLink Raven XE Industrial 3G Gateway

About
http://www.sierrawireless.com/products-and-solutions/gateway-solutions/raven-series/

The Sierra Wireless Raven XE and XT wireless gateways are used in the following industries and applications: utilities, manufacturing, automation, oil and gas, Ethernet-based SCADA, and telemetry.

security advisory

EdgeCore – ES3526XA Manager – Multiple Vulnerabilities

EdgeCore – Layer2+ Fast Ethernet Standalone Switch ES3526XA Manager – Multiple Vulnerabilities

Also rebranded as: SMC TigerSwitch 10/100 SMC6128L2 Manager

security advisory

[ICS] Papouch TME Temperature & Humidity Thermometers – Multiple Vulnerabilities

[ICS] Papouch TME Temperature & Humidity Thermometers – Multiple Vulnerabilities

Vulnerable Products
1. Papouch TME Ethernet thermometer
2. Papouch TME multi: Temperature and humidity via Ethernet

All versions are affected.

security advisory

HP StoreEver MSL6480 Tape Library v4.10 – Multiple Vulnerabilities

While on a pentest, I found multiple vulnerabilities in HP StoreEver MSL6480 Tape Library v4.10.

Read on.

security advisory

[ICS] Moxa MiiNePort – Multiple Vulnerabilities

[ICS] Moxa MiiNePort – Multiple Vulnerabilities

Multiple vulnerabilities are present in Moxa MiiNePort which, I believe, affect all versions & models.

Vulnerability Summary
1. Weak Credentials Management – CVE-2016-2286
2. Sensitive information not protected – CVE-2016-2295
3. Vulnerable to Cross-Site Request Forgery – CVE-2016-2285

security advisory

[ICS] eWON sa Industrial router – Multiple Vulnerabilities

Reported multiple vulnerabilities in [ICS] Exploitation details for eWON sa Industrial router. Response from eWON was not so surprisingly full of ignorance.

Read on.