Maxim Rupp
Security Researcher & Consultant,
Germany
* 0x8D961353 / OpenPGP Server
Select Posts

PHOENIX CONTACT FL COM SERVER RS485: Lack of proper ACL (Full Disclosure) and Improper Neutralization (CVE-2017-16723)
Onanimationcancel handler based XSS for FF>=54.0
Security Advisory: Vulnerabilities in RUGGEDCOM ROX I / Siemens RX1000; PDF
Security Advisory: Honeywell XL Web II SA-Honeywell_XL_WEB_II_Controller Vulnerabilities; PDF


Recent Public Security Advisories
by Vendor: Moxa

A complete list of public advisories can be found here. Set out below is an extract from this list.

ABB PVI-AEC-EVO Data Logger
Weak Session Management in Data Logger Web Server

Honeywell IP-AK2
CVE-2019-13525 (CWE-306: Missing Authentication for Critical Function)

ABB UNO-DM (multiple devices)
CWE-287: Improper Authentication and Access Control

TECSON/GOK (multiple devices)
CVE-2019-12254 (CWE-287: Improper Authentication and Access Control)

MIELE XGW 3000 ZigBee Gatewayv
CWE-285: Improper Authorization
CWE-352: Cross-Site Request Forgery

PHOENIX CONTACT FL NAT SMx
CVE-2019-9744 (CWE-284: Improper Access Control)

PHOENIX CONTACT RAD-80211-XD(/HP-BUS)
CVE-2019-9743 (CWE-77: Improper Neutralization of Special Elements used in a Command)

Bosch DIVAR 400 & 600 series Vulnerability v
CWE-284: Improper Access Control
CWE-258: Unprotected Credentials

Bosch Access Easy Controller 2.1 v
CWE-287: Improper Authentication

ABB CMS-770/Busch-Jaeger v
CVE-2018-17928 (CWE-287: Improper Authentication)

ABB M2M ETHERNET v
CVE-2018-17926 (CWE-287: Improper Authentication)

Echelon i.LON 600 v
CWE-288: Authentication Bypass Using an Alternate Path or Channel

Ice Qube Thermal Management Center
CVE-2017-14026 (CWE-284: Improper Access Control)
CVE-2017-16714 (CWE-256: Unprotected Storage of Credentials)

PHOENIX CONTACT FL COMSERVER, FL COM SERVER, and PSI-MODEM/ETH
CVE-2017-16723 (CWE-79: Improper Neutralization of Input During Web Page Generation)

ProMinent MultiFLEX M10a Controller
CVE-2017-14013 (CWE-602: Client-Side Enforcement of Server-Side Security)
CVE-2017-14007 (CWE-613: Insufficient Session Expiration)
CVE-2017-14011 (CWE-352: Cross-Site Request Forgery)
CVE-2017-14009 (CWE-200: Information Exposure)
CVE-2017-14005 (CWE-620: Unverified Password Change)

LAVA Computer MFG Inc. Ether-Serial Link
CVE-2017-14003 (CWE-290: Authentication Bypass by Spoofing)

Siemens 7KT PAC1200 Data Manager
CVE-2017-9944 (CWE-288: Authentication Bypass Using an Alternate Path or Channel)

Ctek, Inc. SkyRouter
CVE-2017-14000 (CWE-287: Improper Authentication)

Siemens LOGO!
CVE-2017-12734 (CWE-522: Insufficiently Protected Credentials)

ABB VSN300 WiFi Logger Card
CVE-2017-7920 (CWE-287: Improper Authentication)
CVE-2017-7916 (CWE-264: Permissions, Privileges, and Access Controls)

BeaconMedaes TotalAlert Scroll Medical Air Systems
CVE-2018-7526 (CWE-284: Improper Access Control)
CVE-2018-7518 (CWE-522: Insufficiently Protected Credentials)
CVE-2018-7510 (CWE-256: Unprotected Storage of Credentials)

ABB IP Gateway
CVE-2017-7931 (CWE-287: Improper Authentication)
CVE-2017-7906 (CWE-352: Cross-Site Request Forgery)
CVE-2017-7933 (CWE-256: Unprotected Storage of Credentials)

and more.