[EN] St. Pölten UAS | Stored Cross-Site Scripting in SEH utnserver Pro
Title: Multiple Stored Cross-Site Scripting Product: SEH utnserver Pro Vulnerable version: 20.1.22 Fixed version: - CVE: CVE-2024-11304 Impact: High Homepage: https://www-seh-technology.com/ Found: 2024-05-24 The untserver Pro ist prone to stored cross-site scripting. This allows an attacker to place malicious code in the web interface of the untserver. "We are SEH from Bielefeld - manufacturer of high-quality network solutions. With over 35 years of experience in the fields of printing and networks, we offer our customers a broad and high-level expertise in solutions for all types of business environments." Source:...
[EN] Multiple Vulnerabilities in Riello Netman 204
Title: Multiple Vulnerabilities Product: Netman 204 Vulnerable version: 4.05 Fixed version: None CVE: CVE-2024-8877, CVE-2024-8878 Impact: High Homepage: https://www.riello-ups.com/ Found: 2024-05-17 The Netman 204 series is prone to unauthenticated SQL injection that allows modification of energy measurement entries. Furthermore, the UPS password reset function can be abused to reset the password without the riello support by calculating the recovery code for resetting the password. "Riello Elettronica, lead by Cav. Lav. Pierantonio Riello, has a presence today in the Electrical manufacturing industry with two divisions: Energy, Automation and Security....
[EN] Multiple Vulnerabilities in Korenix JetPort
Title: Multiple Vulnerabilities Product: Korenix JetPort Vulnerable version: <=1.2 Fixed version: None CVE: CVE-2024-7395, CVE-2024-7396, CVE-2024-7397 Impact: High Homepage: https://korenix.com/ Found: 2024-04-01 The JetPort series is prone to unauthenicated command injection, which allows an attacker to fully compromise the device from the network. "Korenix Technology, a Beijer group company within the Industrial Communication business area, is a global leading manufacturer providing innovative, market-oriented, value-focused Industrial Wired and Wireless Networking Solutions. With decades of experiences in the industry, we have developed various product lines [...]. Our products are mainly applied...
[EN] Multiple Vulnerabilities in Perten ProcessPlus
Title: Multiple Vulnerabilities Product: Perten ProcessPlus Vulnerable version: <=1.11.6507.0 Fixed version: 2.0.0 CVE: CVE-2024-6911, CVE-2024-6912, CVE-2024-6913 Impact: High Homepage: https://perkinelmer.com/ Found: 2024-04-24 The ProcessPlus measurement software is prone to local file inclusion, uses default MSSQL credentials, and is executed with unnecessarily high privileges. "For 85 years, PerkinElmer has pushed the boundaries of science from food to health to the environment. We’ve always pursued science with a clear purpose – to help our customers achieve theirs. Our expert team brings technology and intangibles, like creativity, empathy, diligence, and a...
Authenticated Command Injection in Helmholz REX100 Router
Title: Authenticated Command Injection Product: Helmholz Industrial Router REX100, MBConnectline mbNET.mini Vulnerable version: <= 2.2.11 Fixed version: 2.2.13 CVE: CVE-2024-5672 Impact: High Homepage: https://www.helmholz.de/, https://mbconnectline.com/ Found: 2024-05-08 The Helmholz REX100 Router ist prone to an authenticated command injection attack. This allows an attacker to gain root access on the router, which usually acts as key infrastructure device in OT. Helmholz is your specialist when it comes to sophisticated products for your automation projects. With current, clever system solutions from Helmholz, the high demands placed on industrial networks in...
[EN] Multiple Vulnerabilities in SEH untserver Pro
Title: Multiple Vulnerabilities Product: SEH utnserver Pro Vulnerable version: 20.1.22 Fixed version: 20.1.28 CVE: CVE-2024-5420, CVE-2024-5421, CVE-2024-5422 Impact: High Homepage: https://www.seh-technology.com/ Found: 2024-03-04 The untserver Pro ist prone to stored cross-site scripting, file disclosure and denial of service attacks. This allows an attacker to deactivate the device or place malicious code in the web interface of the untserver. We are SEH from Bielefeld - manufacturer of high-quality network solutions. With over 35 years of experience in the fields of printing and networks, we offer our customers a broad...
[EN] Multiple Vulnerabilities in ORing IAP420
Title: Multiple Vulnerabilities Product: ORing IAP-420 Vulnerable version: 2.01e Fixed version: - CVE: CVE-2024-5410, CVE-2024-5411 Impact: High Homepage: https://oringnet.com/ Found: 2024-01-19 The ORing IAP420 is prone to authenticated command injection and stored cross-site scripting. Therefore, an attacker can fully compromize the device via the management interface. Founded in 2005, ORing specializes in developing innovative own-branded products for industrial settings. Over the years, ORing has accumulated abundant experience in wired and wireless network communications industry. In line with the commercialization of 5G, ORing has stretched its arm into the...
IoT Malware Analysis with MEDUSA
Motivation At CyberDanube, we're driven by our curiosity regarding fresh embedded/IoT security topics. Therefore, we are constantly researching new threats, leveraging IoT/IIoT honeypots on public internet to intercept attacks in real-time. These insights fuel our internal research and the development of our firmware emulation solution MEDUSA. During an analysis of one of our deployed honeypots, we encountered a command injection exploit attempt that caught our attention. The related Vulnerability is publicly disclosed and has the assigned CVE number 2023-1389, which...