security advisory Archives - Page 2 of 9

Posted in security advisory

01 Sep 2017

[ICS] SpiderControl SCADA Web Server – Directory Traversal Vulnerability

By Karn Ganeshen On September 1, 2017 With No Comments

Vendor: SpiderControl
Equipment: SCADA Web Server
Vulnerability: Directory Traversal

ICS-CERT Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-17-234-03

ZDI Advisory:
http://www.zerodayinitiative.com/advisories/ZDI-17-695

CVE-ID
CVE-2017-12694

AFFECTED PRODUCTS
The following versions of SpiderControl SCADA Web Server, a software management platform, are affected:

SCADA Web Server < version 2.02.0100

IMPACT

Successful exploitation of this vulnerability allows an attacker to gain read access to system files through directory traversal.

Read on for details.

Posted in security advisory

01 Sep 2017

[ICS] Moxa SoftNVR-IA Live Viewer – Insecure Library Loading Allows Code Execution

By Karn Ganeshen On September 1, 2017 With No Comments

Vendor: Moxa
Equipment: SoftNVR-IA Live Viewer
Vulnerability: Uncontrolled Search Path Element

ICS-CERT Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-17-220-02

CVE-ID
CVE-2017-5170

AFFECTED PRODUCTS
The following versions of SoftNVR-IA Live Viewer, a video surveillance software designed for industrial automation systems, are affected:

SoftNVR-IA Live Viewer, Version 3.30.3122 and prior versions

IMPACT
Successful exploitation of this vulnerability may allow an attacker to execute code from a malicious DLL on the affected system with the same privileges as the user running the program.

Read on for details.

Posted in security advisory

01 Sep 2017

[ICS] Solar Controls WATTConfig M Software – Insecure Library Loading Allows Code Execution

By Karn Ganeshen On September 1, 2017 With No Comments

Vendor: Solar Controls
Equipment: WATTConfig M Software
Vulnerability: Uncontrolled Search Path Element

ICS-CERT Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-17-222-03

CVE-ID
CVE-2017-9648

AFFECTED PRODUCTS
The following versions of Solar Controls’ WATTConfig M Software for Windows 2.5.10 for M SSR/MAX PLCs are affected:

WATTConfig M Software, Version 2.5.10.1 and prior.

IMPACT
Successful exploitation of this vulnerability may allow arbitrary code execution.

Read on for details.

Posted in security advisory

01 Sep 2017

[ICS] SpiderControl SCADA MicroBrowser – Stack Buffer Overflow

By Karn Ganeshen On September 1, 2017 With No Comments

Vendor: SpiderControl
Equipment: SCADA MicroBrowser
Vulnerability: Stack-based Buffer Overflow

ICS-CERT Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-17-234-02

ZDI Advisory
http://www.zerodayinitiative.com/advisories/ZDI-17-694/

CVE-ID
CVE-2017-12707

AFFECTED PRODUCTS
The following versions of SCADA MicroBrowser, a software management platform, are affected:

SCADA MicroBrowser Versions 1.6.30.144 and prior.

IMPACT

Successful exploitation of this vulnerability could allow an attacker to gain access to the system, manipulate system files, and potentially render the system unavailable.

Read on for details.

Posted in security advisory

01 Sep 2017

[ICS] SIMPlight SCADA software – Insecure Library Loading Allows Code Execution

By Karn Ganeshen On September 1, 2017 With No Comments

Vendor: SIMPlight
Equipment: SCADA Software
Vulnerability: Uncontrolled Search Path Element

ICS-CERT Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-17-222-01

CVE-ID
CVE-2017-9661

AFFECTED PRODUCTS
The following versions of SIMPlight SCADA software, software for building management systems and automated facilities, are affected:

SCADA Software version 4.3.0.27 and prior.

IMPACT
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code.

Read on for details.

Posted in security advisory

01 Sep 2017

[ICS] AzeoTech DAQFactory – Insecure Default Permissions and Insecure Library Loading Allows Code Execution

By Karn Ganeshen On September 1, 2017 With No Comments

Vendor: AzeoTech
Equipment: DAQFactory
Vulnerability: Weak Permissions, Uncontrolled Search Path Element

ICS-CERT Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-17-241-01

CVE-IDs
CVE-2017-5147
CVE-2017-12699

AFFECTED PRODUCTS
The following versions are affected:

DAQFactory versions prior to 17.1

IMPACT
Successful exploitation of these vulnerabilities could allow authenticated local users to escalate their privileges and execute arbitrary code.

Read on for details.

Posted in security advisory

01 Sep 2017

[ICS] Solar Controls Heating Control Downloader – Insecure Library Loading Allows Code Execution

By Karn Ganeshen On September 1, 2017 With No Comments

Vendor: Solar Controls
Equipment: Heating Control Downloader (HCDownloader)
Vulnerability: Uncontrolled Search Path Element

ICS-CERT Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-17-222-02

CVE-ID
CVE-2017-9646

AFFECTED PRODUCTS
The following versions of Solar Controls’ Heating Control Downloader (HCDownloader) are affected:

HCDownloader, Version 1.0.1.15 and prior.

IMPACT
Successful exploitation of this vulnerability may allow arbitrary code execution.

Read on for details.

Posted in security advisory

28 Jun 2017

[ICS] Cambium ePMP ICS-CERT Advisory Published

By Karn Ganeshen On June 28, 2017 With No Comments

Back in April 2017, I posted SNMP vulnerabilities in Cambium ePMP devices. ICS-CERT has now published the advisory for Cambium ePMP SNMP vulnerabilities: https://ics-cert.us-cert.gov/advisories/ICSA-17-166-01 Vendor: Cambium Networks
Equipment: ePMP
Vulnerabilities: Improper Access Control, Improper Privilege Management
CVE-IDs
CVE-2017-7918
CVE-2017-7922 Cambium ePMP product security, putting it mildly, needs considerable improvement. I will be publishing another set of fresh reports on Cambium devices soon. In case you are using ePMP boxes, or other Cambium appliances, please ensure: 1. your devices are not accessible publicly
2. default account passwords & SNMP community strings are changed to strong values
3. SNMP is filtered at the firewall. Read on for details.

Posted in security advisory

28 Jun 2017

[ICS] Schneider Electric Pro-Face WinGP – Insecure Library Loading Allows Code Execution

By Karn Ganeshen On June 28, 2017 With No Comments

[ICS] Schneider Electric Pro-Face WinGP - Runtime.exe – Insecure Library Loading Allows Code Execution

Vendor: Schneider Electric
Equipment: Pro-Face WinGP
Vulnerability: Uncontrolled Search Path Element (DLL side-loading)

ICS-CERT Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-17-215-01

AFFECTED PRODUCTS
Schneider Electric Pro-Face WinGP - Packaged version with GP Pro Server EX -> current version

IMPACT
Successful exploitation of this vulnerability could allow an authenticated user to escalate his or her privileges. Read on for details.

Read on for details.

Posted in security advisory

15 Jun 2017

[ICS] Digital Canal Structural Wind Analysis Stack Buffer Overflow

By Karn Ganeshen On June 15, 2017 With No Comments

ICS-CERT published an advisory on one of my reports this week –
https://ics-cert.us-cert.gov/advisories/ICSA-17-157-02 Vendor: Digital Canal Structural
Equipment: Wind Analysis
Vulnerability: Stack-Based Buffer Overflow
AFFECTED PRODUCTS
The following versions of Wind Analysis, a structural engineering software platform, are affected:
Wind Analysis versions 9.1 and prior. IMPACT
Successful exploitation of this vulnerability could cause the device that the attacker is accessing to become unavailable, resulting in a denial of service. Read on for details.