[EN] St. Pölten UAS | Path Traversal in Korenix JetPort

Title: Path TraversalProduct: Korenix JetPort 5601Vulnerable version: 1.2Fixed version: -CVE: CVE-2024-11303Impact: HighHomepage: https://korenix.com/Found: 2024-05-24 The Korenix JetPort 5601 device is prone to a path traversal vulnerability. This allows an attacker to retrieve system files including password hashes and configuration. "Korenix Technology, a Beijer group company within the Industrial Communication business area, is a global leading manufacturer providing innovative, market-oriented, value-focused Industrial Wired and Wireless Networking Solutions. With decades of experiences in the industry, we have developed various product lines [...]. Our products...

[EN] St. Pölten UAS | Stored Cross-Site Scripting in SEH utnserver Pro

Title: Multiple Stored Cross-Site Scripting Product: SEH utnserver Pro Vulnerable version: 20.1.22 Fixed version: - CVE: CVE-2024-11304 Impact: High Homepage: https://www-seh-technology.com/ Found: 2024-05-24 The untserver Pro ist prone to stored cross-site scripting. This allows an attacker to place malicious code in the web interface of the untserver. "We are SEH from Bielefeld - manufacturer of high-quality network solutions. With over 35 years of experience in the fields of printing and networks, we offer our customers a broad and high-level expertise in solutions for all types of business environments." Source:...

[EN] Multiple Vulnerabilities in Riello Netman 204

Title: Multiple Vulnerabilities Product: Netman 204 Vulnerable version: 4.05 Fixed version: None CVE: CVE-2024-8877, CVE-2024-8878 Impact: High Homepage: https://www.riello-ups.com/ Found: 2024-05-17 The Netman 204 series is prone to unauthenticated SQL injection that allows modification of energy measurement entries. Furthermore, the UPS password reset function can be abused to reset the password without the riello support by calculating the recovery code for resetting the password. "Riello Elettronica, lead by Cav. Lav. Pierantonio Riello, has a presence today in the Electrical manufacturing industry with two divisions: Energy, Automation and Security....

[EN] Multiple Vulnerabilities in Korenix JetPort

Title: Multiple Vulnerabilities Product: Korenix JetPort Vulnerable version: <=1.2 Fixed version: None CVE: CVE-2024-7395, CVE-2024-7396, CVE-2024-7397 Impact: High Homepage: https://korenix.com/ Found: 2024-04-01 The JetPort series is prone to unauthenicated command injection, which allows an attacker to fully compromise the device from the network. "Korenix Technology, a Beijer group company within the Industrial Communication business area, is a global leading manufacturer providing innovative, market-oriented, value-focused Industrial Wired and Wireless Networking Solutions. With decades of experiences in the industry, we have developed various product lines [...]. Our products are mainly applied...

[EN] Multiple Vulnerabilities in Perten ProcessPlus

Title: Multiple Vulnerabilities Product: Perten ProcessPlus Vulnerable version: <=1.11.6507.0 Fixed version: 2.0.0 CVE: CVE-2024-6911, CVE-2024-6912, CVE-2024-6913 Impact: High Homepage: https://perkinelmer.com/ Found: 2024-04-24 The ProcessPlus measurement software is prone to local file inclusion, uses default MSSQL credentials, and is executed with unnecessarily high privileges. "For 85 years, PerkinElmer has pushed the boundaries of science from food to health to the environment. We’ve always pursued science with a clear purpose – to help our customers achieve theirs. Our expert team brings technology and intangibles, like creativity, empathy, diligence, and a...

Authenticated Command Injection in Helmholz REX100 Router

Title: Authenticated Command Injection Product: Helmholz Industrial Router REX100, MBConnectline mbNET.mini Vulnerable version: <= 2.2.11 Fixed version: 2.2.13 CVE: CVE-2024-5672 Impact: High Homepage: https://www.helmholz.de/, https://mbconnectline.com/ Found: 2024-05-08 The Helmholz REX100 Router ist prone to an authenticated command injection attack. This allows an attacker to gain root access on the router, which usually acts as key infrastructure device in OT. Helmholz is your specialist when it comes to sophisticated products for your automation projects. With current, clever system solutions from Helmholz, the high demands placed on industrial networks in...

[EN] Multiple Vulnerabilities in SEH untserver Pro

Title: Multiple Vulnerabilities Product: SEH utnserver Pro Vulnerable version: 20.1.22 Fixed version: 20.1.28 CVE: CVE-2024-5420, CVE-2024-5421, CVE-2024-5422 Impact: High Homepage: https://www.seh-technology.com/ Found: 2024-03-04 The untserver Pro ist prone to stored cross-site scripting, file disclosure and denial of service attacks. This allows an attacker to deactivate the device or place malicious code in the web interface of the untserver. We are SEH from Bielefeld - manufacturer of high-quality network solutions. With over 35 years of experience in the fields of printing and networks, we offer our customers a broad...

[EN] Multiple Vulnerabilities in ORing IAP420

Title: Multiple Vulnerabilities Product: ORing IAP-420 Vulnerable version: 2.01e Fixed version: - CVE: CVE-2024-5410, CVE-2024-5411 Impact: High Homepage: https://oringnet.com/ Found: 2024-01-19 The ORing IAP420 is prone to authenticated command injection and stored cross-site scripting. Therefore, an attacker can fully compromize the device via the management interface. Founded in 2005, ORing specializes in developing innovative own-branded products for industrial settings. Over the years, ORing has accumulated abundant experience in wired and wireless network communications industry. In line with the commercialization of 5G, ORing has stretched its arm into the...

[EN] Multiple Vulnerabilities in Korenix JetNet Series

Title: Multiple Vulnerabilities Product: Korenix JetNet Series Vulnerable version: See "Vulnerable versions" Fixed version: - CVE: CVE-2023-5376, CVE-2023-5347 Impact: High Homepage: https://www.korenix.com/ Found: 2023-08-31 Korenix JetNet series is prone to a unauthenticated firmware upgrade, which leads to remote code execution. "Korenix Technology, a Beijer group company within the Industrial Communication business area, is a global leading manufacturer providing innovative, market-oriented, value-focused Industrial Wired and Wireless Networking Solutions. With decades of experiences in the industry, we have developed various product lines [...]. Our products are mainly applied in SMART...

[EN] St. Pölten UAS | Multiple Vulnerabilities in Phoenix Contact TC Cloud Client, TC Router & Cloud Client

Title: Multiple Vulnerabilities Product: Phoenix Contact TC Cloud Client 1002-4G*, TC Router 3002T-4G, Cloud Client 1101T-TX/TX Vulnerable version: <2.07.2, <2.07.2, <2.06.10 Fixed version: 2.07.2, 2.07.2, 2.06.10 CVE: CVE-2023-3526, CVE-2023-3569 Impact: Medium Homepage: https://www.phoenixcontact.com/ Found: 2023-05-04 By: A. Resanovic, S. Stockinger, T. Etzenberger Disclaimer: This vulnerability was discovery during research at St. Pölten UAS, supported and coordinated by CyberDanube. Phoenix Contact TC Cloud Client, TC Router & Cloud Client are prone to a Stored Cross-Site Scripting (XSS) and Billion laughs attack. At Phoenix Contact, our approach is innovative, sustainable, and based on...