Recently, I had posted about multiple security vulnerabilities in SenNet Data Logger appliances and Electricity Meters – https://ipositivesecurity.com/2017/04/07/sennet-data-logger-appliances-and-electricity-meters-multiple-vulnerabilties/
ICS-CERT finally released the advisory on May 11, 2017:
Read on for more details.
1. No access control on the remote shell
2. Shell services running with excessive privileges (superuser)
3. OS Command Injection
4. Insecure Transport
Read on for details and poc.
Details of my security report on Schneider Electric Building Operation Automation Server are documented here.
The vulnerability disclosure and handling assistance from the Schneider Electric team was commendable. However, from a security practices point of view, one of the aspects they seem to rely upon is security through obscurity and blind trust in the device users/administrators, ignoring that both of these are bad concepts to run with.
On a recent pentest, I found a few vulnerabilities in GE Industrial Solutions – UPS SNMP Adapter. Successful exploitation can lead to arbitrary command execution as superuser on the device, and sensitive information leakage.
Reported multiple vulnerabilities in Cambium ePMP 1000.
Read on for details & poc.
CERT has published Vulnerability Note VU#870744 detailing my report of multiple vulnerabilities in ZyXEL PMG5318-B20A and P-660HW-T1 routers.
New exploit / advisory posted on Exploit-db & Packetstorm:
New advisory / exploit posted on Exploit-db & Packetstorm: