MeteoControl WEB’log Meteocontrol is a Germany-based company that maintains offices in several countries around the world, including the US, China, Italy, Spain, France, Switzerland, and Israel. The affected products, WEB’log, are web-based SCADA systems that provide functions to manage energy and power configurations in different connected (energy/industrial) devices.
Read on for details & poc.
Multiple vulnerabilities are present in Moxa MiiNePort. Following versions have been verified, but it is highly probable all other versions are affected as well.
Device name MiiNePort_E1_7080 Firmware version 1.1.10 Build 09120714 Device name MiiNePort_E1_4641 Firmware version 1.1.10 Build 09120714 Device name MiiNePort_E2_1242 Firmware version 1.1 Build 10080614 Device name : MiiNePort_E2_4561 Firmware version : 1.1 Build 10080614 Model name MiiNePort E3 Firmware version 1.0 Build 11071409
1. Weak Credentials Management - CVE-2016-2286 2. Sensitive information not protected - CVE-2016-2295 3. Vulnerable to Cross-Site Request Forgery - CVE-2016-2285
Read on for details and poc.