Tag: sensitive clear-text info

security advisory

[ICS] Carlo Gavazzi VMUC-EM Energy Meter – Multiple Vulnerabilities

ICS-CERT Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-17-012-03

CVE-IDs
CVE-2017-5144
CVE-2017-5145
CVE-2017-5146

security advisory

[ICS] BINOM3 Electric Power Quality Meter – Multiple Vulnerabilities

Hacking Binom3 Electric Power Quality Meters

ICS-CERT Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-17-031-01A

security advisory

[ICS] Meteocontrol WEB’log Multiple Vulnerabilities

[ICS] Meteocontrol WEB’log Multiple Vulnerabilities

About MeteoControl WEB’log
Meteocontrol is a Germany-based company that maintains offices in several countries around the world, including the US, China, Italy, Spain, France, Switzerland, and Israel.

The affected products, WEB’log, are web-based SCADA systems that provide functions to manage energy and power configurations in different connected (energy/industrial) devices.

Read on.

security advisory

[ICS] Moxa MiiNePort – Multiple Vulnerabilities

[ICS] Moxa MiiNePort – Multiple Vulnerabilities

Multiple vulnerabilities are present in Moxa MiiNePort which, I believe, affect all versions & models.

Vulnerability Summary
1. Weak Credentials Management – CVE-2016-2286
2. Sensitive information not protected – CVE-2016-2295
3. Vulnerable to Cross-Site Request Forgery – CVE-2016-2285

security advisory

[ICS] GEDE UPS SNMP Adapter Vulnerabilities

On a recent pentest, I found few vulnerabilities in GE Industrial Solutions – UPS SNMP Adapter. Successful exploitation can lead to arbitrary command execution as superuser on the device, and sensitive information leakage.

Read on.

security advisory

LG-Nortel ADSL modem Multiple Vulnerabilities

A while back in April – May 2015, on a pentest in Sydney, I was testing a LG-Nortel ADSL modem for a customer. This device model is heavily deployed by Optus in Australia (Sydney) for its SOHO broadband customers. Found several security flaws on the device which I then reported to appropriate teams.

(Potential) Estimated deployment size is 20-30% of customer base.
Optus, CERT-US, CERT-AU, are aware of these issues.
Ownership of this model by LG Nortel could not be identified. <--- The issues are not fixed. This device may very well be used by other Service Providers and / or in other locations. I am not sure if & how this device might connect back to Optus network. If it does connect / talk back, it'd be interesting what impact it can create.