Weak Credential Management

05 Sep 2016

[ICS] Multiple vulnerabilities – Powerlogic/Schneider Electric IONXXXX series Smart Meters

Reported multiple security issues in Powerlogic/Schneider Electric IONXXXX series power meters.

Affected Devices
The following IONXXXX series power meter versions are affected:

  • ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series.

ICS-CERT Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-16-308-03

CVE-IDs
CVE-2016-5809
CVE-2016-5815

Read on for details and poc.

05 Jul 2016

[ICS] RS232-NET Converter (model JTC-200) – Multiple vulnerabilities

Found multiple vulnerabilities in RS232-NET Converter (model JTC-200), and have been coordinating with ICS-CERT for quite a while now. IMHO it is time for a public disclosure.

Product details -> http://www.jantek.com.tw/en/product/73

Seen deployed in:
  • CHTD, Chunghwa Telecom Co., Ltd. (Taiwan)
  • HiNet (Taiwan & China)
  • PT Comunicacoes (Portugal)
  • Sony Network Taiwan Limited (Taiwan)
  • Vodafone Portugal (Portugal)

This hardware seems to be in use on several large corporate networks, and has a backdoor shell quietly listening in offering unauthenticated access!

Read on for details and poc.

25 Jun 2016

[ICS] Sierra Wireless AirLink Raven XE Industrial 3G Gateway – Multiple Vulnerabilities

[ICS] Multiple vulnerabilities in Sierra Wireless AirLink Raven XE Industrial 3G Gateway

About
http://www.sierrawireless.com/products-and-solutions/gateway-solutions/raven-series/

The Sierra Wireless Raven XE and XT wireless gateways are used in the following industries and applications: utilities, manufacturing, automation, oil and gas, Ethernet-based SCADA, and telemetry.

Read on

23 Jun 2016

EdgeCore – ES3526XA Manager – Multiple Vulnerabilities

EdgeCore - Layer2+ Fast Ethernet Standalone Switch ES3526XA Manager - Multiple Vulnerabilities

Also rebranded as: SMC TigerSwitch 10/100 SMC6128L2 Manager

Confirmed versions:

Object ID:
1.3.6.1.4.1.259.8.1.5

Switch Information 
________________________________________
Main Board:
Number of Ports 26
Hardware Version R01
Management Software:
Loader Version 1.0.0.2
Boot-ROM Version 1.0.0.5
Operation Code Version 1.28.16.14

Object ID:
1.3.6.1.4.1.202.20.66

Switch Information 
________________________________________
Main Board:
Number of Ports 28
Hardware Version R01
Chip Device ID Marvell 98DX106-B0, 88E6095[F]
Internal Power Status Active

Management Software:
EPLD Version 0.07
Loader Version 1.0.2.0
Boot-ROM Version 1.2.0.1
Operation Code Version 1.4.18.2
Role Master

Other firmware / software versions may also be affected.

15 Jun 2016

[ICS] Papouch TME Temperature & Humidity Thermometers – Multiple Vulnerabilities

Vulnerable Products

  1. Papouch TME Ethernet thermometer
  2. Papouch TME multi: Temperature and humidity via Ethernet

All versions affected

About
TME - Ethernet Thermometer
http://www.papouch.com/en/shop/product/tme-ip-ethernet-thermometer/

TME multi: Temperature and humidity via Ethernet
http://www.papouch.com/en/shop/product/tme-multi-temperature-humidity-via-ethernet/
 
Read on for details and poc.

14 May 2016

[ICS] Meteocontrol WEB’log Multiple Vulnerabilities

MeteoControl WEB’log

Meteocontrol is a Germany-based company that maintains offices in several countries around the world, including the US, China, Italy, Spain, France, Switzerland, and Israel. The affected products, WEB’log, are web-based SCADA systems that provide functions to manage energy and power configurations in different connected (energy/industrial) devices.

ICS-CERT Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-16-133-01

CVE-IDs
CVE-2016-2296
CVE-2016-2297
CVE-2016-2298

Read on for details & poc.
