July 2016

05 Jul 2016

[ICS] RS232-NET Converter (model JTC-200) – Multiple vulnerabilities

Found multiple vulnerabilities in RS232-NET Converter (model JTC-200), and have been coordinating with ICS-CERT for quite a while now. IMHO it is time for a public disclosure.

Product details -> http://www.jantek.com.tw/en/product/73

Seen deployed in:
  • CHTD, Chunghwa Telecom Co., Ltd. (Taiwan)
  • HiNet (Taiwan & China)
  • PT Comunicacoes (Portugal)
  • Sony Network Taiwan Limited (Taiwan)
  • Vodafone Portugal (Portugal)

This hardware seems to be in use on several large corporate networks, and has a backdoor shell quietly listening, offering unauthenticated access!

Read on for details and PoC.


05 Jul 2016

CIMA DocuClass Enterprise Content Management – Multiple Vulnerabilities

On a recent pentest, I came across the CIMA DocuClass Enterprise Content Management application. I found multiple security vulnerabilities which can lead to unauthorized access to stored documents, access to the underlying database, and code execution on the server via SQL Injection.

There has been no response from the vendor, as expected.

Read on for PoC.


01 Jul 2016

[ICS] ICS-ALERT-16-182-01 published – Sierra Wireless Raven XE & XT vulnerabilities

A couple of days back, I posted multiple vulnerabilities in Sierra Wireless Raven XE & XT devices on the Full Disclosure list, and here:
http://ipositivesecurity.com/2016/06/25/ics-sierra-wireless-airlink-raven-xe-industrial-3g-gateway-multiple-vulnerabilities/

The ICS-CERT team confirmed yesterday that they have now released an alert on this report as well:
https://ics-cert.us-cert.gov/alerts/ICS-ALERT-16-182-01

Read on
