Hello.

Please feel free to get in touch with me if you have questions or need more information.
You can contact me on Twitter (@mmrupp) or by e-mail (contact@rupp.it / rupp@cure53.de).

Use one of the following keys when discussing confidential information:

User ID: contact@rupp.it; Key ID: 0x8D961353; TXT, MIT PGP Key Server
Fingerprint: CCEF 7BF2 19D0 2D97 40F3 5F9F 2970 13B3 8D96 1353

User ID: rupp@cure53.de; Key ID: 0x61552424; TXT, MIT PGP Key Server
Fingerprint: 6040 9340 9A93 3223 4166 8C74 8D5D 7176 6155 2424

The largest part of the found issues is under NDA and cannot be disclosed. Also, some of the found issues will not be disclosed to the public from my side for ethical reasons. Below you can find some of the public research done in my spare time, and notes.



Publications

Note: Onanimationcancel handler based XSS for FF>=54.0
Security Advisory: Vulnerabilities in RUGGEDCOM ROX I / Siemens RX1000; PDF
Security Advisory: Honeywell XL Web II Controller Vulnerabilities; PDF


Recent public ICS-CERT Advisories

These public security advisories are focused on ICS/SCADA and BMS devices and technologies.
Individual pages: Moxa

ABB VSN300 WiFi Logger Card

CVE-2017-7920 (CWE-287: Improper Authentication)
CVE-2017-7916 (CWE-264: Permissions, Privileges, and Access Controls)


Newport XPS-Cx, XPS-Qx

CVE-2017-7919 (CWE-287: Improper Authentication)


Moxa OnCell

CVE-2017-7915 (CWE-307: Improper Restriction of Excessive Authentication Attempts)
CVE-2017-7913 (CWE-256: Plaintext Storage of a Password)
CVE-2017-7917 (CWE-352: Cross-Site Request Forgery)


Detcon SiteWatch Gateway

CVE-2017-6049 (CWE-287: Improper Authentication)
CVE-2017-6047 (CWE-256: Plaintext Storage of a Password)


Advantech B+B SmartWorx MESR901

CVE-2017-7909 (CWE-603: Use of Client-Side Authentication)


Siemens RUGGEDCOM ROX I

CVE-2017-2686 (CWE-285: Improper Authorization)
CVE-2017-2687 (CWE-79: Improper Neutralization of Input During Web Page Generation)
CVE-2017-2688 (CWE-352: Cross-Site Request Forgery)
CVE-2017-2689 (CWE-285: Improper Authorization)


Eaton xComfort Ethernet Communication Interface

CVE-2017-9368 (CWE-284: Improper Access Control)


Honeywell XL Web II Controller Vulnerabilities

CVE-2017-5139 (CWE-256: Plaintext Storage of a Password)
CVE-2017-5140 (CWE-522: Insufficiently Protected Credentials)
CVE-2017-5141 (CWE-384: Session Fixation)
CVE-2017-5142 (CWE-269: Improper Privilege Management)
CVE-2017-5143 (CWE-23: Relative Path Traversal)


Eaton ePDU Path Traversal Vulnerability

CVE-2016-9357 (CWE-22: Improper Limitation of a Pathname to a Restricted Directory)


WAGO Ethernet Web-based Management Authentication Bypass Vulnerability

CVE-2016-9362 (CWE-592: Authentication Bypass Issues)



Recent public CERT Advisories

Chiyu Technology fingerprint access control contains multiple vulnerabilities

CVE-2015-2870 (CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page)
CVE-2015-2871 (CWE-288: Authentication Bypass Using an Alternate Path or Channel)


Honeywell Tuxedo Touch Controller contains multiple vulnerabilities

CVE-2015-2847 (CWE-603: Use of Client-Side Authentication)
CVE-2015-2848 (CWE-352: Cross-Site Request Forgery)



A more complete list of public advisories can be found here.