Author - CyberDanube

[EN] St. Pölten UAS | Path Traversal in Korenix JetPort

Title: Path TraversalProduct: Korenix JetPort 5601Vulnerable version: 1.2Fixed version: -CVE: CVE-2024-11303Impact: HighHomepage: https://korenix.com/Found: 2024-05-24 The Korenix JetPort 5601 device is prone to a path traversal vulnerability. This allows an attacker to retrieve system files including password hashes and configuration. "Korenix Technology, a Beijer group company within the Industrial Communication business area, is a global leading manufacturer providing innovative, market-oriented, value-focused Industrial Wired and Wireless Networking Solutions. With decades of experiences in the industry, we have developed various product lines [...]. Our products...

[EN] St. Pölten UAS | Stored Cross-Site Scripting in SEH utnserver Pro

Title: Multiple Stored Cross-Site Scripting Product: SEH utnserver Pro Vulnerable version: 20.1.22 Fixed version: - CVE: CVE-2024-11304 Impact: High Homepage: https://www-seh-technology.com/ Found: 2024-05-24 The untserver Pro ist prone to stored cross-site scripting. This allows an attacker to place malicious code in the web interface of the untserver. "We are SEH from Bielefeld - manufacturer of high-quality network solutions. With over 35 years of experience in the fields of printing and networks, we offer our customers a broad and high-level expertise in solutions for all types of business environments." Source:...

[EN] Multiple Vulnerabilities in Riello Netman 204

Title: Multiple Vulnerabilities Product: Netman 204 Vulnerable version: 4.05 Fixed version: None CVE: CVE-2024-8877, CVE-2024-8878 Impact: High Homepage: https://www.riello-ups.com/ Found: 2024-05-17 The Netman 204 series is prone to unauthenticated SQL injection that allows modification of energy measurement entries. Furthermore, the UPS password reset function can be abused to reset the password without the riello support by calculating the recovery code for resetting the password. "Riello Elettronica, lead by Cav. Lav. Pierantonio Riello, has a presence today in the Electrical manufacturing industry with two divisions: Energy, Automation and Security....

[EN] Multiple Vulnerabilities in Korenix JetPort

Title: Multiple Vulnerabilities Product: Korenix JetPort Vulnerable version: <=1.2 Fixed version: None CVE: CVE-2024-7395, CVE-2024-7396, CVE-2024-7397 Impact: High Homepage: https://korenix.com/ Found: 2024-04-01 The JetPort series is prone to unauthenicated command injection, which allows an attacker to fully compromise the device from the network. "Korenix Technology, a Beijer group company within the Industrial Communication business area, is a global leading manufacturer providing innovative, market-oriented, value-focused Industrial Wired and Wireless Networking Solutions. With decades of experiences in the industry, we have developed various product lines [...]. Our products are mainly applied...

[EN] Multiple Vulnerabilities in Perten ProcessPlus

Title: Multiple Vulnerabilities Product: Perten ProcessPlus Vulnerable version: <=1.11.6507.0 Fixed version: 2.0.0 CVE: CVE-2024-6911, CVE-2024-6912, CVE-2024-6913 Impact: High Homepage: https://perkinelmer.com/ Found: 2024-04-24 The ProcessPlus measurement software is prone to local file inclusion, uses default MSSQL credentials, and is executed with unnecessarily high privileges. "For 85 years, PerkinElmer has pushed the boundaries of science from food to health to the environment. We’ve always pursued science with a clear purpose – to help our customers achieve theirs. Our expert team brings technology and intangibles, like creativity, empathy, diligence, and a...

Authenticated Command Injection in Helmholz REX100 Router

Title: Authenticated Command Injection Product: Helmholz Industrial Router REX100, MBConnectline mbNET.mini Vulnerable version: <= 2.2.11 Fixed version: 2.2.13 CVE: CVE-2024-5672 Impact: High Homepage: https://www.helmholz.de/, https://mbconnectline.com/ Found: 2024-05-08 The Helmholz REX100 Router ist prone to an authenticated command injection attack. This allows an attacker to gain root access on the router, which usually acts as key infrastructure device in OT. Helmholz is your specialist when it comes to sophisticated products for your automation projects. With current, clever system solutions from Helmholz, the high demands placed on industrial networks in...

[EN] Multiple Vulnerabilities in SEH untserver Pro

Title: Multiple Vulnerabilities Product: SEH utnserver Pro Vulnerable version: 20.1.22 Fixed version: 20.1.28 CVE: CVE-2024-5420, CVE-2024-5421, CVE-2024-5422 Impact: High Homepage: https://www.seh-technology.com/ Found: 2024-03-04 The untserver Pro ist prone to stored cross-site scripting, file disclosure and denial of service attacks. This allows an attacker to deactivate the device or place malicious code in the web interface of the untserver. We are SEH from Bielefeld - manufacturer of high-quality network solutions. With over 35 years of experience in the fields of printing and networks, we offer our customers a broad...

[EN] Multiple Vulnerabilities in ORing IAP420

Title: Multiple Vulnerabilities Product: ORing IAP-420 Vulnerable version: 2.01e Fixed version: - CVE: CVE-2024-5410, CVE-2024-5411 Impact: High Homepage: https://oringnet.com/ Found: 2024-01-19 The ORing IAP420 is prone to authenticated command injection and stored cross-site scripting. Therefore, an attacker can fully compromize the device via the management interface. Founded in 2005, ORing specializes in developing innovative own-branded products for industrial settings. Over the years, ORing has accumulated abundant experience in wired and wireless network communications industry. In line with the commercialization of 5G, ORing has stretched its arm into the...

IoT Malware Analysis with MEDUSA

Motivation At CyberDanube, we're driven by our curiosity regarding fresh embedded/IoT security topics. Therefore, we are constantly researching new threats, leveraging IoT/IIoT honeypots on public internet to intercept attacks in real-time. These insights fuel our internal research and the development of our firmware emulation solution MEDUSA. During an analysis of one of our deployed honeypots, we encountered a command injection exploit attempt that caught our attention. The related Vulnerability is publicly disclosed and has the assigned CVE number 2023-1389, which...

[EN] Automotive Pentesting - Security Paper

Driving the Future: CyberDanube's Automotive Cyber Security Paper In an era of connected automotive technology, the integration of digital innovations elevates our driving experience. However, with progress comes new challenges, especially in cybersecurity. As vehicles become more connected, the risks of cyber threats escalate. CyberDanube addresses these challenges head-on with our latest Security Paper, exploring the intricacies of safeguarding automotive systems. Understanding Cyber Threats to Modern Vehicles Our Security Paper delves into the evolving landscape of cyber threats targeting modern (automotive) cars....