Author - CyberDanube

[EN] Authenticated Command Injection in Hirschmann (Belden) BAT-C2

Title: Multiple Critical Vulnerabilities
Product: Hirschmann (Belden) BAT-C2
Vulnerable version: 8.8.1.0R8
Fixed version: 09.13.01.00R04
CVE: CVE-2022-40282
Impact: High
Homepage: https://hirschmann.com/ | https://beldensolutions.com
Found: 2022-08-01

Hirschmann BAT-C2 is prone to an authenticated command injection vulnerability. This vulnerability can be used to execute arbitrary commands on the device.

"The Technology and Market Leader in Industrial Networking. Hirschmann™ develops innovative solutions, which are geared towards its customers’ requirements in terms of performance, efficiency and investment reliability."
Source: https://beldensolutions.com/en/Company/About_Us/belden_brands/index.phtml

Hirschmann (Belden) BAT-C2

1) Authenticated Command Injection

The web server of the device is prone to an...

[3 … 3] Conference – DeepSec 2022 “Faking at Level 1 – How Digital Twins Save Your PLCs”

3 out of 3 confirmed conference talks in 2022! Looking back on a successful conference marathon so far. DeepSec was a blast! DeepSec is a very specialized, technically deep-dive infosec event. CyberDanube had some really good conversations and some deep OT and IoT/IIoT discussions regarding our product MEDUSA. We got the chance to meet exciting contacts and created some future opportunities. On top of that, we had the pleasure to talk about our main topics of “digital twins out of firmware to...

[EN] Authenticated Command Injection in Intelbras WiFiber 120AC inMesh

Title: Authenticated Command Injection
Product: Intelbras WiFiber 120AC inMesh
Vulnerable version: 1.1-220216
Fixed version: 1-1-220826
CVE: CVE-2022-40005
Impact: High
Homepage: https://www.intelbras.com
Found: 2022-08-01

The Intelbras WiFiber 120AC inMesh is prone to an authenticated command injection vulnerability. This vulnerability can be used to execute arbitrary commands on the device.

"We are Intelbras. A company that for 45 years has been offering innovative solutions in security, networks, communication and energy. Our dream began to come to life there in 1976, in the city of São José, having originated from an...

[2 … 3] Conference – ITSecX “Faking at Level 1 – How Digital Twins Save Your PLCs”

2 out of 3 confirmed conference talks for 2022 - this time at ITSecX. On the 7th of October the well-known cyber security conference in Austria took place - IT-Security Community Exchange (IT-SECX) at the St. Pölten University of Applied Sciences! This year's main topic was themed "Cyber Defense" with the keynote "The Law, Policy and Diplomacy of Critical Infrastructure Protection". Since the topics "Critical Infrastructure Protection" go hand in hand with OT and furthermore with the use...

HITB2022 Singapore conference impressions and post-review

Conference 1 of 3 for this year... Starting with the first international one in Singapore - here are a few post-thoughts and insights to share. By the way - if you missed the topic itself - link to the program: conference.hitb.org/faking-at-level-1-how-digital-twins-save-your-plcs/ The conference started with a thrilling keynote about thousands of insecure things and xIoT; went on with talks about fuzzing of MCUs, kernel module exploitation and API security; having a lunch break with a great meetup in the main area...

[1 ... 3] Conference - HITB2022 Singapore "Faking at Level 1 – How Digital Twins Save Your PLCs"

1 out of 3 confirmed, upcoming conference talks for 2022 - guess where - in Singapore Hack In The Box (HITB). On our list the topic of digital twins and how they are going to secure the OT environment. We are looking forward to OT, embedded and industry security on 25th of August. Every year, numerous big and small incidents in industrial environments, like power plants, factories, or food supply find their way into newspapers. All those affected industries are...