2018

28 Jan 2018

[ICS] Trihedral VTScada (more) Multiple Vulnerabilities

Vendor: Trihedral
Equipment: VTScada
Vulnerabilities: Improper Access Control, Uncontrolled Search Path Element

ICS-CERT Advisory:
https://ics-cert.us-cert.gov/advisories/ICSA-17-304-02

CVE-ID:
CVE-2017-14029
CVE-2017-14031

AFFECTED PRODUCTS

Trihedral Engineering Limited reports that the vulnerabilities affect the following versions of the VTScada HMI and SCADA software:

  • VTScada 11.3.03 and prior.

IMPACT
Successful exploitation of these vulnerabilities may allow execution of arbitrary code.

Read on for details.

14 Jan 2018

[ICS] Moxa MXview – Unquoted Search Path Vulnerability

Vendor: Moxa
Equipment: MXview
Vulnerability: Unquoted Search Path

ICS-CERT Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-18-011-02

CVE-ID
CVE-2017-14030

AFFECTED PRODUCTS
The following versions of MXview, network management software, are affected:

  • MXview v2.8 and prior.

IMPACT
Successful exploitation of this vulnerability may allow an authenticated, but non-privileged, local user to execute arbitrary code with elevated privileges.

Read on for details.

05 Jan 2018

Cambium Networks Services Server (CNSS) – Access Control Flaws

This 0-day report was submitted to Cambium via Beyond Trust's SSD program and resolved back in November 2017. Forgot to push this out. Publishing the report now.

Cambium Networks Services Server (CNSS) - Official Cambium software tool to manage Cambium ePMP devices

http://www.cambiumnetworks.com/products/software-tools/cns-server/

The Cambium Networks Services (CNS) Server is a network management application provided by Cambium Networks to manage ePMP devices.

Centrally manage the distribution of software upgrades to your ePMP network via a standard web browser

Vulnerable versions - 1.3.2.3.3211 (current at the time of reporting)

Fixed - a patch was released for 1.3.2.3.3211 which fixes these issues

Vulnerability Summary

  1. It is possible for an unauthenticated user to access sensitive configuration files from the server.
  2. It is possible for a low-privileged user to access restricted, sensitive information.

Read on for details.

05 Jan 2018

Cambium Network Updater Tool (CNUT) – Unauthenticated File Path Traversal

This 0-day report was submitted to Cambium via Beyond Trust's SSD program and resolved back in November 2017. Forgot to push this out. Publishing the report now.

Cambium Network Updater Tool (CNUT) - Official Cambium software tool to manage Cambium Devices

The Network Updater Tool is a free-of-charge tool that applies packages to upgrade the device types listed as supported in the release notes for the release that you are using. Because this tool is available, an operator does not need to visit each module in the network or even each AP where they would otherwise use the SM Autoupdate capability of the radios.

Vulnerable versions - 4.11.2 (current at the time of reporting)

Fixed - versions > 4.11.2

Vulnerability Summary
It is possible for an unauthenticated user to read arbitrary files from the file system.

Read on for details.
