Author - CyberDanube

[EN] St. Pölten UAS | Multiple Vulnerabilities in Phoenix Contact TC Cloud Client, TC Router & Cloud Client

Title: Multiple Vulnerabilities Product: Phoenix Contact TC Cloud Client 1002-4G*, TC Router 3002T-4G, Cloud Client 1101T-TX/TX Vulnerable version: <2.07.2, <2.07.2, <2.06.10 Fixed version: 2.07.2, 2.07.2, 2.06.10 CVE: CVE-2023-3526, CVE-2023-3569 Impact: Medium Homepage: https://www.phoenixcontact.com/ Found: 2023-05-04 By: A. Resanovic, S. Stockinger, T. Etzenberger Disclaimer: This vulnerability was discovery during research at St. Pölten UAS, supported and coordinated by CyberDanube. Phoenix Contact TC Cloud Client, TC Router & Cloud Client are prone to a Stored Cross-Site Scripting (XSS) and Billion laughs attack. At Phoenix Contact, our approach is innovative, sustainable, and based on...

[EN] St. Pölten UAS | Multiple Vulnerabilities in Advantech EKI-15XX Series

Title: Multiple Vulnerabilities Product: Advantech EKI-1524-CE series, EKI-1522 series, EKI-1521 series Vulnerable version: <=1.21 (CVE-2023-4202), <=1.24 (CVE-2023-4203) Fixed version: 1.26 CVE: CVE-2023-4202, CVE-2023-4203 Impact: Medium Homepage: https://advantech.com Found: 2023-05-04 By: R. Haas, A. Resanovic, T. Etzenberger, M. Bineder Disclaimer: This vulnerability was discovery during research at St. Pölten UAS, supported and coordinated by CyberDanube. Advantech EKI-1524/1522/1521 devices are prone to multiple Stored Cross-Site Scripting (XSS). "Advantech’s corporate vision is to enable an intelligent planet. The company is a global leader in the fields of IoT intelligent systems and embedded platforms....

[EN] Multiple Vulnerabilities in Advantech EKI-15XX Series

Title: Multiple Vulnerabilities Product: Advantech EKI-1524-CE series, EKI-1522 series, EKI-1521 series Vulnerable version: 1.21 Fixed version: 1.24 CVE: CVE-2023-2573, CVE-2023-2574, CVE-2023-2575 Impact: High Homepage: https://advantech.com Found: 2023-03-06 Advantech EKI-1524/1522/1521 devices are prone to authenticated command injections and a buffer overflow vulnerability. These vulnerabilities can be used to execute arbitrary commands on OS level. "Advantech’s corporate vision is to enable an intelligent planet. The company is a global leader in the fields of IoT intelligent systems and embedded platforms. To embrace the trends of IoT, big data, and artificial...

[EN] CyberDanube is now authorized as CNA (CVE Numbering Authority)

In the course of the development of the SaaS tool >MEDUSA< we frequently do research on firmware samples. Therefore, we often identify undiscovered vulnerabilities and security gaps, as recent publications and talks have proven. We reported such vulnerabilities to vendors and requested CVE (Common Vulnerabilities and Exposures) tracking numbers via official ways at MITRE. As we detect a high number of vulnerabilities with firmware emulation, we need a lot of CVE numbers. To accelerate this process for us and for our...

Decentralized & Verifiable IIoT Product & Firmware Security States on Blockchain

The use of embedded systems in various industries has increased, and with the rise of IoT devices, the potential attack vectors of these systems have grown exponentially. To protect these systems, manufacturers need to implement cybersecurity strategies. The Cyber Resilience Act (CRA) has been introduced by the EU to meet common cybersecurity standards for networked devices and services, particularly in the industrial sector. >MEDUSA< is a SaaS tool that helps manufacturers meet these requirements by analyzing, verifying, and centrally storing the...

[EN] Multiple Vulnerabilities in Korenix JetWave Series

Title: Multiple Vulnerabilities Product: JetWave4221 HP-E, JetWave 2212G, JetWave 2212X/2212S, JetWave 2211C, JetWave 2411/2111, JetWave 2411L/2111L, JetWave 2414/2114, JetWave 2424, JetWave 2460, JetWave 3220/3420 V3 Vulnerable version: See "Vulnerable Versions" Fixed version: See "Solution" CVE: CVE-2023-23294, CVE-2023-23295, CVE-2023-23296 Impact: High Homepage: https://korenix.com Found: 2022-11-28 Multiple JetWave products from Korenix are prone to command injection and denial of service (DoS) vulnerabilities. “Korenix Technology, a Beijer group company within the Industrial Communication business area, is a global leading manufacturer providing innovative, market-oriented, value-focused Industrial Wired and Wireless Networking Solutions. […] Our products...

[EN] Authenticated Command Injection in Delta Electronics DVW-W02W2-E2

Title: Authenticated Command Injection Product: Delta Electronics DVW-W02W2-E2 Vulnerable version: V2.42 Fixed version: V2.5.2 CVE: CVE-2022-42139 Impact: High Homepage: https://www.deltaww.com Found: 2022-08-01 Delta Electronics DVW-W02W2-E2 is prone to an authenticated command injection vulnerability. This vulnerability can be used to execute arbitrary commands on the device. "Delta, founded in 1971, is a global provider of power and thermal management solutions. Its mission statement, "To provide innovative, clean and energy -efficient solutions for a better tomorrow," focuses on addressing key environmental issues such as global climate change. As an energy-saving...

[EN] Multiple Vulnerabilities in Delta Electronics DX-2100-L1-CN

Title: Multiple Vulnerabilities Product: Delta Electronics DX-2100-L1-CN Vulnerable version: V1.5.0.10 Fixed version: V1.5.0.12 CVE: CVE-2022-42140, CVE-2022-42141 Impact: High Homepage: https://www.deltaww.com Found: 2022-08-01 Delta Electronics DX-2100-L1-CN is prone to authenticated command injection and a stored cross-site scripting (XSS) vulnerability. The XSS vulnerability can be used to execute arbitrary commands in the context of a user's browser. The command injection allows an attacker to execute system commands on the device itself. "Delta, founded in 1971, is a global provider of power and thermal management solutions. Its mission statement, "To provide...

[EN] Authenticated Command Injection in Hirschmann (Belden) BAT-C2

Title: Multiple Critical Vulnerabilities Product: Hirschmann (Belden) BAT-C2 Vulnerable version: 8.8.1.0R8 Fixed version: 09.13.01.00R04 CVE: CVE-2022-40282 Impact: High Homepage: https://hirschmann.com/ | https://beldensolutions.com Found: 2022-08-01 Hirschmann BAT-C2 is prone to an authenticated command injection vulnerability. This vulnerability can be used to execute arbitrary commands on the device. "The Technology and Market Leader in Industrial Networking. Hirschmann™ develops innovative solutions, which are geared towards its customers’ requirements in terms of performance, efficiency and investment reliability." Source: https://beldensolutions.com/en/Company/About_Us/belden_brands/index.phtml Hirschmann (Belden) BAT-C2 1) Authenticated Command Injection The web server of the device is prone to an...

[3 … 3] Conference – DeepSec 2022 “Faking at Level 1 – How Digital Twins Save Your PLCs”

3 out of 3 confirmed conference talks in 2022! Looking back on a successfull conference marathon so far. DeepSec was a blast! DeepSec is a very specialized and a technically deep-dive infosec event. CyberDanube had some really good conversations and some deep OT and IoT/IIoT discussions regarding our product MEDUSA. We got the chance to meet exciting contacts and made some future opportunities. On top we had the pleasure to talk about our main topics of “digital twins out of firmware to...