Reported multiple security issues in Powerlogic/Schneider Electric IONXXXX series power meters
Reported to ICS-CERT – July 2016
Advisory published – Nov 2016
The following IONXXXX series power meter versions are affected:
ION8800 series, and
Exploiting RS232-NET Converter (model JTC-200)
Seen deployed in:
CHTD, Chunghwa Telecom Co., Ltd. (Taiwan)
HiNet (Taiwan & China)
PT Comunicacoes (Portugal)
Sony Network Taiwan Limited (Taiwan)
Vodafone Portugal (Portugal)
On a recent pentest, I came across the CIMA DocuClass Enterprise Content Management application. I found multiple security vulnerabilities which can lead to unauthorized access to stored documents, access to the underlying database, and code execution on the server via SQL Injection.
No response from the vendor, as expected. Read on.
[ICS] Multiple vulnerabilities in Sierra Wireless AirLink Raven XE Industrial 3G Gateway
The Sierra Wireless Raven XE and XT wireless gateways are used in the following industries and applications: utilities, manufacturing, automation, oil and gas, Ethernet-based SCADA, and telemetry.
EdgeCore – Layer2+ Fast Ethernet Standalone Switch ES3526XA Manager – Multiple Vulnerabilities
Also rebranded as: SMC TigerSwitch 10/100 SMC6128L2 Manager
[ICS] Papouch TME Temperature & Humidity Thermometers – Multiple Vulnerabilities
1. Papouch TME Ethernet thermometer
2. Papouch TME multi: Temperature and humidity via Ethernet
All versions are affected.
While on a pentest, I found multiple vulnerabilities in HP StoreEver MSL6480 Tape Library v4.10.
[ICS] Moxa MiiNePort – Multiple Vulnerabilities
Multiple vulnerabilities are present in Moxa MiiNePort which, I believe, affect all versions & models.
1. Weak Credentials Management – CVE-2016-2286
2. Sensitive information not protected – CVE-2016-2295
3. Vulnerable to Cross-Site Request Forgery – CVE-2016-2285
Reported multiple vulnerabilities in [ICS] Exploitation details for eWON sa Industrial router. Response from eWON was, not so surprisingly, full of ignorance.
PROLiNK H5004NK ADSL Wireless Modem Multiple Vulnerabilities