Author - CyberDanube

[EN] Multiple Vulnerabilities in Korenix JetNet Series

Title: Multiple Vulnerabilities Product: Korenix JetNet Series Vulnerable version: See "Vulnerable versions" Fixed version: - CVE: CVE-2023-5376, CVE-2023-5347 Impact: High Homepage: https://www.korenix.com/ Found: 2023-08-31 Korenix JetNet series is prone to a unauthenticated firmware upgrade, which leads to remote code execution. "Korenix Technology, a Beijer group company within the Industrial Communication business area, is a global leading manufacturer providing innovative, market-oriented, value-focused Industrial Wired and Wireless Networking Solutions. With decades of experiences in the industry, we have developed various product lines [...]. Our products are mainly applied in SMART...

[EN] Industrial Smart Meter Pentesting - Security Paper

Unveiling Vulnerabilities: A Deep Dive into Pentesting Industrial Smart Meters See our latest blog post, where we embark on a journey into the world of industrial smart meters. In an era where the backbone of critical infrastructure relies on interconnected systems, the security of hardware and software becomes paramount. Today, we delve into the realm of pentesting, specifically focusing on the challenges and nuances encountered in the examination of industrial smart meters. Nestled in Vienna, our Hardware Lab is at the...

[EN] St. Pölten UAS | Multiple Vulnerabilities in Phoenix Contact TC Cloud Client, TC Router & Cloud Client

Title: Multiple Vulnerabilities Product: Phoenix Contact TC Cloud Client 1002-4G*, TC Router 3002T-4G, Cloud Client 1101T-TX/TX Vulnerable version: <2.07.2, <2.07.2, <2.06.10 Fixed version: 2.07.2, 2.07.2, 2.06.10 CVE: CVE-2023-3526, CVE-2023-3569 Impact: Medium Homepage: https://www.phoenixcontact.com/ Found: 2023-05-04 By: A. Resanovic, S. Stockinger, T. Etzenberger Disclaimer: This vulnerability was discovery during research at St. Pölten UAS, supported and coordinated by CyberDanube. Phoenix Contact TC Cloud Client, TC Router & Cloud Client are prone to a Stored Cross-Site Scripting (XSS) and Billion laughs attack. At Phoenix Contact, our approach is innovative, sustainable, and based on...

[EN] St. Pölten UAS | Multiple Vulnerabilities in Advantech EKI-15XX Series

Title: Multiple Vulnerabilities Product: Advantech EKI-1524-CE series, EKI-1522 series, EKI-1521 series Vulnerable version: <=1.21 (CVE-2023-4202), <=1.24 (CVE-2023-4203) Fixed version: 1.26 CVE: CVE-2023-4202, CVE-2023-4203 Impact: Medium Homepage: https://advantech.com Found: 2023-05-04 By: R. Haas, A. Resanovic, T. Etzenberger, M. Bineder Disclaimer: This vulnerability was discovery during research at St. Pölten UAS, supported and coordinated by CyberDanube. Advantech EKI-1524/1522/1521 devices are prone to multiple Stored Cross-Site Scripting (XSS). "Advantech’s corporate vision is to enable an intelligent planet. The company is a global leader in the fields of IoT intelligent systems and embedded platforms....

[EN] Multiple Vulnerabilities in Advantech EKI-15XX Series

Title: Multiple Vulnerabilities Product: Advantech EKI-1524-CE series, EKI-1522 series, EKI-1521 series Vulnerable version: 1.21 Fixed version: 1.24 CVE: CVE-2023-2573, CVE-2023-2574, CVE-2023-2575 Impact: High Homepage: https://advantech.com Found: 2023-03-06 Advantech EKI-1524/1522/1521 devices are prone to authenticated command injections and a buffer overflow vulnerability. These vulnerabilities can be used to execute arbitrary commands on OS level. "Advantech’s corporate vision is to enable an intelligent planet. The company is a global leader in the fields of IoT intelligent systems and embedded platforms. To embrace the trends of IoT, big data, and artificial...

[EN] CyberDanube is now authorized as CNA (CVE Numbering Authority)

In the course of the development of the SaaS tool >MEDUSA< we frequently do research on firmware samples. Therefore, we often identify undiscovered vulnerabilities and security gaps, as recent publications and talks have proven. We reported such vulnerabilities to vendors and requested CVE (Common Vulnerabilities and Exposures) tracking numbers via official ways at MITRE. As we detect a high number of vulnerabilities with firmware emulation, we need a lot of CVE numbers. To accelerate this process for us and for our...

Decentralized & Verifiable IIoT Product & Firmware Security States on Blockchain

The use of embedded systems in various industries has increased, and with the rise of IoT devices, the potential attack vectors of these systems have grown exponentially. To protect these systems, manufacturers need to implement cybersecurity strategies. The Cyber Resilience Act (CRA) has been introduced by the EU to meet common cybersecurity standards for networked devices and services, particularly in the industrial sector. >MEDUSA< is a SaaS tool that helps manufacturers meet these requirements by analyzing, verifying, and centrally storing the...

[EN] Multiple Vulnerabilities in Korenix JetWave Series

Title: Multiple Vulnerabilities Product: JetWave4221 HP-E, JetWave 2212G, JetWave 2212X/2212S, JetWave 2211C, JetWave 2411/2111, JetWave 2411L/2111L, JetWave 2414/2114, JetWave 2424, JetWave 2460, JetWave 3220/3420 V3 Vulnerable version: See "Vulnerable Versions" Fixed version: See "Solution" CVE: CVE-2023-23294, CVE-2023-23295, CVE-2023-23296 Impact: High Homepage: https://korenix.com Found: 2022-11-28 Multiple JetWave products from Korenix are prone to command injection and denial of service (DoS) vulnerabilities. “Korenix Technology, a Beijer group company within the Industrial Communication business area, is a global leading manufacturer providing innovative, market-oriented, value-focused Industrial Wired and Wireless Networking Solutions. […] Our products...

[EN] Authenticated Command Injection in Delta Electronics DVW-W02W2-E2

Title: Authenticated Command Injection Product: Delta Electronics DVW-W02W2-E2 Vulnerable version: V2.42 Fixed version: V2.5.2 CVE: CVE-2022-42139 Impact: High Homepage: https://www.deltaww.com Found: 2022-08-01 Delta Electronics DVW-W02W2-E2 is prone to an authenticated command injection vulnerability. This vulnerability can be used to execute arbitrary commands on the device. "Delta, founded in 1971, is a global provider of power and thermal management solutions. Its mission statement, "To provide innovative, clean and energy -efficient solutions for a better tomorrow," focuses on addressing key environmental issues such as global climate change. As an energy-saving...

[EN] Multiple Vulnerabilities in Delta Electronics DX-2100-L1-CN

Title: Multiple Vulnerabilities Product: Delta Electronics DX-2100-L1-CN Vulnerable version: V1.5.0.10 Fixed version: V1.5.0.12 CVE: CVE-2022-42140, CVE-2022-42141 Impact: High Homepage: https://www.deltaww.com Found: 2022-08-01 Delta Electronics DX-2100-L1-CN is prone to authenticated command injection and a stored cross-site scripting (XSS) vulnerability. The XSS vulnerability can be used to execute arbitrary commands in the context of a user's browser. The command injection allows an attacker to execute system commands on the device itself. "Delta, founded in 1971, is a global provider of power and thermal management solutions. Its mission statement, "To provide...