Author: Karn Ganeshen

security advisory

Cambium SNMP Security Vulnerabilities

Cambium SNMP Security Vulnerabilities

AFFECTED PRODUCTS

Cambium ePMP 1000
Cambium ePMP 2000
Cambium PMP XXX
Cambium ForceXXX models
Potentially all other models

IMPACT

These vulnerabilities may can allow an attacker to access device configuration as well as make unauthorized changes to the device configuration.

Read on for the details.

security advisory

SenNet Data Logger appliances and Electricity Meters Multiple Vulnerabilties

VULNERABILITY DETAILS

1. No access control on the remote shell
2. Shell services running with excessive privileges (superuser)
3. OS Command Injection
4. Insecure Transport

Read on for details and poc.

security advisory

[ICS] Sielco Sistemi Winlog SCADA Software – Insecure Library Loading Allows Code Execution

ICS-CERT published an advisory on one of my reports last month –
https://ics-cert.us-cert.gov/advisories/ICSA-17-038-01

Sielco Sistemi Winlog SCADA Software Insecure Library Loading Allows Code Execution

Vendor: Sielco Sistemi
Equipment: Winlog SCADA Software
Vulnerability: Uncontrolled Search Path Element

security advisory

[ICS] LAquis SCADA Path Traversal Vulnerability

ICS-CERT published a new advisory on one of my reports recently –
https://ics-cert.us-cert.gov/advisories/ICSA-17-082-01

LCDS – Leão Consultoria e Desenvolvimento de Sistemas LTDA ME LAquis SCADA Access Control Vulnerability

Vendor: LCDS – Leão Consultoria e Desenvolvimento de Sistemas LTDA ME
Equipment: LAquis SCADA
Vulnerability: Path Traversal