CSRF

05 Sep 2016

[ICS] Multiple vulnerabilities – Powerlogic/Schneider Electric IONXXXX series Smart Meters

Reported multiple security issues in Powerlogic/Schneider Electric IONXXXX series power meters.

Affected Devices
The following IONXXXX series power meter versions are affected:

  • ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series.

ICS-CERT Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-16-308-03

CVE-IDs
CVE-2016-5809
CVE-2016-5815

Read on for details and poc.

05 Jul 2016

[ICS] RS232-NET Converter (model JTC-200) – Multiple vulnerabilities

Found multiple vulnerabilities in RS232-NET Converter (model JTC-200), and have been coordinating with ICS-CERT for quite a while now. IMHO it is time for a public disclosure.

Product details -> http://www.jantek.com.tw/en/product/73

Seen deployed in:
  • CHTD, Chunghwa Telecom Co., Ltd. (Taiwan)
  • HiNet (Taiwan & China)
  • PT Comunicacoes (Portugal)
  • Sony Network Taiwan Limited (Taiwan)
  • Vodafone Portugal (Portugal)

This hardware seems to be in use on several large corporate networks, and has a backdoor shell quietly listening in offering unauthenticated access!

Read on for details and poc.

05 Jul 2016

CIMA DocuClass Enterprise Content Management – Multiple Vulnerabilities

On a recent pentest, I came across the CIMA DocuClass Enterprise Content Management application. I found multiple security vulnerabilities which can lead to unauthorized access to stored documents, access to the underlying database, and code execution on the server via SQL Injection.

There has been no response from the vendor, as expected.

Read on for poc.

25 Jun 2016

[ICS] Sierra Wireless AirLink Raven XE Industrial 3G Gateway – Multiple Vulnerabilities

[ICS] Multiple vulnerabilities in Sierra Wireless AirLink Raven XE Industrial 3G Gateway

About
http://www.sierrawireless.com/products-and-solutions/gateway-solutions/raven-series/

The Sierra Wireless Raven XE and XT wireless gateways are used in the following industries and applications: utilities, manufacturing, automation, oil and gas, Ethernet-based SCADA, and telemetry.

Read on

23 Jun 2016

EdgeCore – ES3526XA Manager – Multiple Vulnerabilities

EdgeCore - Layer2+ Fast Ethernet Standalone Switch ES3526XA Manager - Multiple Vulnerabilities

Also rebranded as: SMC TigerSwitch 10/100 SMC6128L2 Manager

Confirmed versions:

Object ID: 1.3.6.1.4.1.259.8.1.5

Switch Information
Main Board:
  Number of Ports: 26
  Hardware Version: R01
Management Software:
  Loader Version: 1.0.0.2
  Boot-ROM Version: 1.0.0.5
  Operation Code Version: 1.28.16.14

Object ID: 1.3.6.1.4.1.202.20.66

Switch Information
Main Board:
  Number of Ports: 28
  Hardware Version: R01
  Chip Device ID: Marvell 98DX106-B0, 88E6095[F]
  Internal Power Status: Active
Management Software:
  EPLD Version: 0.07
  Loader Version: 1.0.2.0
  Boot-ROM Version: 1.2.0.1
  Operation Code Version: 1.4.18.2
  Role: Master

Other firmware / software versions may also be affected.

15 Jun 2016

[ICS] Papouch TME Temperature & Humidity Thermometers – Multiple Vulnerabilities

Vulnerable Products

  1. Papouch TME Ethernet thermometer
  2. Papouch TME multi: Temperature and humidity via Ethernet

All versions affected

About
TME - Ethernet Thermometer
http://www.papouch.com/en/shop/product/tme-ip-ethernet-thermometer/

TME multi: Temperature and humidity via Ethernet
http://www.papouch.com/en/shop/product/tme-multi-temperature-humidity-via-ethernet/
 
Read on for details and poc.

03 May 2016

[ICS] Moxa MiiNePort – Multiple Vulnerabilities

Multiple vulnerabilities are present in Moxa MiiNePort. The following versions have been verified, but it is highly probable that all other versions are affected as well.

Confirmed Device Models + Firmware versions
 
Device name: MiiNePort_E1_7080
Firmware version: 1.1.10 Build 09120714

Device name: MiiNePort_E1_4641
Firmware version: 1.1.10 Build 09120714

Device name: MiiNePort_E2_1242
Firmware version: 1.1 Build 10080614

Device name: MiiNePort_E2_4561
Firmware version: 1.1 Build 10080614

Model name: MiiNePort E3
Firmware version: 1.0 Build 11071409
 
Vulnerability Summary
1. Weak Credentials Management - CVE-2016-2286
2. Sensitive information not protected - CVE-2016-2295
3. Vulnerable to Cross-Site Request Forgery - CVE-2016-2285

ICS-CERT Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-16-145-01

Read on for details and poc.

24 Dec 2015

[ICS] eWON sa Industrial router – Multiple Vulnerabilities

Reported multiple vulnerabilities in eWON sa Industrial router. The response from eWON was, not so surprisingly, full of ignorance.

AFFECTED PRODUCTS
The following eWON router firmware versions are affected:
All eWON firmware versions prior to 10.1s0
 
ICS-CERT Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-15-342-01
 
CVE-IDs
CVE-2015-7924
CVE-2015-7925
CVE-2015-7926
CVE-2015-7927
CVE-2015-7928
CVE-2015-7929

Read on.
