April 2017

View all on this date written articles further down below.
07 Apr 2017

[ICS] Cambium ePMP SNMP Security Vulnerabilities

Cambium SNMP Security Vulnerabilities

Late last year, in 2016, I decided to take a look at SNMP implementation in Cambium ePMP appliances. After a few hours of checking out supported OIDs and corresponding device operations, the security issues stood out glaringly. The vendor, to the most part, attributed these (read: pass the ball) to SNMP v1/2c, which is inherently insecure; and IMO, still haven't actually fixed the core issues. Why is this significant? Because, simply put, anyone can easily exploit these flaws to take over ePMP devices, and gather sensitive information.

AFFECTED PRODUCTS

  1. Cambium ePMP 1000
  2. Cambium ePMP 2000
  3. Cambium PMP XXX
  4. Cambium ForceXXX models
  5. Potentially all other models


IMPACT
These vulnerabilities may can allow an attacker to access device configuration as well as make unauthorized changes to the device configuration.

Read on for details & poc.

Read more

07 Apr 2017

[ICS] SenNet Data Logger appliances and Electricity Meters Multiple Vulnerabilities

SenNet Data Logger appliances and Electricity Meters Multiple Vulnerabilities

About
SenNet is a trademark of Satel Spain that offers monitoring and remote-control solutions for businesses. Our engineers develop, integrate and test the products of SenNet in our facilities in Madrid (Spain).
http://www.sennetmonitoring.com/wp-content/uploads/2016/05/Datasheet_owa31I-.pdf

VULNERABILITY DETAILS
1. No access control on the remote shell
2. Shell services running with excessive privileges (superuser)
3. OS Command Injection
4. Insecure Transport

Read on for poc.

Read more