Tag: XSS

security advisory

[ICS] Trihedral VTScada Multiple Vulnerabilities

ICS-CERT published an advisory on one of my reports this week –
https://ics-cert.us-cert.gov/advisories/ICSA-17-164-01

Vendor: Trihedral
Equipment: VTScada
Vulnerability: Resource Consumption, Cross-Site Scripting, Information Exposure

AFFECTED PRODUCTS

The following versions of VTScada, an HMI SCADA software, are affected:
VTScada Versions prior to 11.2.26

Read on for details.

security advisory

CIMA DocuClass Enterprise Content Management – Multiple Vulnerabilities

On a recent pentest, I came across CIMA DocuClass Enterprise Content Management application. I found multiple security vulnerabilities which can lead to unauthorized access to stored documents, access to underlying database, and code execution on the server via SQL Injection.

No response from vendor as expected. Read on.

security advisory

[ICS] XZERES 442SR Wind Turbine XSS Vulnerability

[ICS] XZERES 442SR Wind Turbine Cross-site Scripting Vulnerability
https://ics-cert.us-cert.gov/advisories/ICSA-15-342-01

AFFECTED PRODUCTS
XZERES is a US-based energy company that maintains offices in several countries around the world, including the UK, Italy, Japan, Vietnam, Philippines, and Myanmar.

The affected product, 442SR Wind Turbine, has a web-based interface system. According to XZERES, the 442SR is deployed across the Energy sector. XZERES estimates that this product is used worldwide.

Read on

security advisory

[ICS] eWON sa Industrial router – Multiple Vulnerabilities

Reported multiple vulnerabilities in [ICS] Exploitation details for eWON sa Industrial router. Response from eWON was not so surprisingly full of ignorance.

Read on.

security advisory

[ICS] Nordex Control 2 (NC2) SCADA V16 and prior versions – XSS Vulnerability

CERT published an Advisory ICSA-15-286-01, on my vulnerability report for Nordex’s NC2 Wind Farm Portal application.
[ICS] Nordex Control 2 (NC2) SCADA V16 and prior versions – XSS Vulnerability
https://ics-cert.us-cert.gov/advisories/ICSA-15-286-01
CVE #: CVE-2015-6477

security advisory

Netgear Voice Gateway 2.3.0.23_2.3.23 – Multiple Vulnerabilities

New advisory / exploit posted on Exploit-db & Packetstorm:

https://www.exploit-db.com/exploits/38449/
https://packetstormsecurity.com/files/133941/Netgear-Voice-Gateway-2.3.0.23_2.3.23-XSS-Code-Execution.html

Read on.