Privilege Escalation

02 Mar 2016

[ICS] Schneider Electric Building Operation Automation Server Multiple Vulnerabilities

Details of my security report on Schneider Electric Building Operation Automation Server are documented here. The vulnerability disclosure and handling assistance from the Schneider Electric team was commendable. However, from a security practices point of view, one of the aspects they seem to rely upon is security through obscurity AND blind trust in the device users/administrators, ignoring the fact that both of these are bad concepts to run with.

CVE-ID
CVE-2016-2278

ICS-CERT Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-16-061-01

Read on.


28 Nov 2015

Cambium ePMP 1000 – Multiple vulnerabilities

A couple of weeks back, I came across Cambium ePMP devices. I found multiple vulnerabilities in Cambium ePMP 1000 devices, and as always, attempted to work with the vendor. But you know how most vendor(s) handle a responsible disclosure. Poorly.

Hence, documenting these findings and proof of concepts now.

Read on for details.
