Maxim Rupp

 
Germany, B  
   



Please feel free to get in touch with me if you have questions or need more information.

You can contact me on Twitter (@mmrupp) or by e-mail.
E-mail: contact@rupp.it / rupp@cure53.de


Use one of the following keys when discussing confidential information:

User ID: contact@rupp.it; Key ID: 0x8D961353; TXT, MIT PGP Key Server
Fingerprint: CCEF 7BF2 19D0 2D97 40F3 5F9F 2970 13B3 8D96 1353

User ID: rupp@cure53.de; Key ID: 0x61552424; TXT, MIT PGP Key Server
Fingerprint: 6040 9340 9A93 3223 4166 8C74 8D5D 7176 6155 2424


Research


Publications

Security Advisory: Vulnerabilities in RUGGEDCOM ROX I / Siemens RX1000; PDF
Security Advisory: Honeywell XL Web II Controller Vulnerabilities; PDF



Recent public ICS-CERT Advisories

These public security advisories focus on ICS/SCADA and BMS devices and technologies.
Individual pages: Moxa

Moxa OnCell

CVE-2017-7915 (CWE-307: Improper Restriction of Excessive Authentication Attempts)
CVE-2017-7913 (CWE-256: Plaintext Storage of a Password)
CVE-2017-7917 (CWE-352: Cross-Site Request Forgery)


Detcon SiteWatch Gateway

CVE-2017-6049 (CWE-287: Improper Authentication)
CVE-2017-6047 (CWE-256: Plaintext Storage of a Password)


Advantech B+B SmartWorx MESR901

CVE-2017-7909 (CWE-603: Use of Client-Side Authentication)


Siemens RUGGEDCOM ROX I

CVE-2017-2686 (CWE-285: Improper Authorization)
CVE-2017-2687 (CWE-79: Improper Neutralization of Input During Web Page Generation)
CVE-2017-2688 (CWE-352: Cross-Site Request Forgery)
CVE-2017-2689 (CWE-285: Improper Authorization)


Eaton xComfort Ethernet Communication Interface

CVE-2017-9368 (CWE-284: Improper Access Control)


Honeywell XL Web II Controller Vulnerabilities

CVE-2017-5139 (CWE-256: Plaintext Storage of a Password)
CVE-2017-5140 (CWE-522: Insufficiently Protected Credentials)
CVE-2017-5141 (CWE-384: Session Fixation)
CVE-2017-5142 (CWE-269: Improper Privilege Management)
CVE-2017-5143 (CWE-23: Relative Path Traversal)


Eaton ePDU Path Traversal Vulnerability

CVE-2016-9357 (CWE-22: Improper Limitation of a Pathname to a Restricted Directory)


WAGO Ethernet Web-based Management Authentication Bypass Vulnerability

CVE-2016-9362 (CWE-592: Authentication Bypass Issues)


Sauter NovaWeb Web HMI Authentication Bypass Vulnerability

CVE-2016-5782 (CWE-784: Reliance on Cookies without Validation and Integrity Checking in a Security Decision)


INTERSCHALT VDR G4e Path Traversal Vulnerability

CVE-2016-9339 (CWE-22: Improper Limitation of a Pathname to a Restricted Directory)


Moxa NPort Device Vulnerabilities

CVE-2016-9366 (CWE-307: Improper Restriction of Excessive Authentication Attempts)
CVE-2016-9365 (CWE-352: Cross-Site Request Forgery)
CVE-2016-9348 (CWE-256: Plaintext Storage of a Password)


Lynxspring JENEsys BAS Bridge Vulnerabilities

CVE-2016-8357 (CWE-264: Permissions, Privileges, and Access Controls)
CVE-2016-8361 (CWE-306: Missing Authentication for Critical Function)
CVE-2016-8378 (CWE-522: Insufficiently Protected Credentials)
CVE-2016-8369 (CWE-352: Cross-Site Request Forgery)


Moxa OnCell Security Vulnerabilities

CVE-2016-8363 (CWE-264: Permissions, Privileges, and Access Controls)
CVE-2016-8362 (CWE-287: Improper Authentication)


Moxa EDR-810 Industrial Secure Router Privilege Escalation

CVE-2016-8346 (CWE-284: Improper Access Control)


American Auto-Matrix Front-End Solutions Vulnerabilities

CVE-2016-2307 (CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program)
CVE-2016-2308 (CWE-256: Plaintext Storage of a Password)


Trane Tracer SC Sensitive Information Exposure Vulnerability

CVE-2016-0870 (CWE-668: Exposure of Resource to Wrong Sphere)


Moxa OnCell Vulnerabilities

CVE-2016-5819 (CWE-79: Improper Neutralization of Input During Web Page Generation)
CVE-2016-5799 (CWE-307: Improper Restriction of Excessive Authentication Attempts)
CVE-2016-5812 (CWE-256: Plaintext Storage of a Password)


Moxa MGate Authentication Bypass Vulnerability

CVE-2016-5804 (CWE-326: Inadequate Encryption Strength)


Moxa Device Server Web Console Authorization Bypass Vulnerability

CVE-2016-4503 (CWE-639: Authorization Bypass Through User-Controlled Key)


Rexroth Bosch BLADEcontrol-WebVIS Vulnerabilities

CVE-2016-4507 (CWE-564: SQL Injection)
CVE-2016-4508 (CWE-79: Cross-Site Scripting)


KMC Controls Conquest BACnet Router Vulnerabilities

CVE-2016-4494 (CWE-352: Cross-Site Request Forgery)
CVE-2016-4495 (CWE-306: Missing Authentication for Critical Function)


Environmental Systems Corporation Data Controllers Vulnerabilities

CVE-2016-4501 (CWE-287: Improper Authentication)
CVE-2016-4502 (CWE-264: Permissions, Privileges, and Access Controls)


Resource Data Management Intuitive 650 TDB Controller Vulnerabilities

CVE-2016-4505 (CWE-269: Improper Privilege Escalation)
CVE-2016-4506 (CWE-352: Cross-Site Request Forgery)


Moxa EDR-G903 Secure Router Vulnerabilities

CVE-2016-0875 (CWE-284: Improper Access Control)
CVE-2016-0876 (CWE-256: Plaintext Storage of a Password)
CVE-2016-0877 (CWE-401: Improper Release of Memory Before Removing Last Reference)
CVE-2016-0878 (CWE-400: Uncontrolled Resource Consumption)
CVE-2016-0879 (CWE-264: Permissions, Privileges, and Access Controls)


Accuenergy Acuvim II Series AXM-NET Module Vulnerabilities

CVE-2016-2293 (CWE-592: Authentication Bypass Issues)
CVE-2016-2294 (CWE-256: Plaintext Storage of a Password)


Sierra Wireless ACEmanager Information Exposure Vulnerability

CVE-2016-6479 (CWE-538: File and Directory Information Exposure)


Eaton Lighting Systems EG2 Web Control Authentication Bypass Vulnerabilities

CVE-2016-2272 (CWE-565: Reliance on Cookies without Validation and Integrity Checking)
CVE-2016-0871 (CWE-312: Cleartext Storage of Sensitive Information)


ICONICS WebHMI Directory Traversal Vulnerability

CVE-2016-2289 (CWE-22: Improper Limitation of a Pathname to a Restricted Directory)


B+B SmartWorx VESP211 Authentication Bypass Vulnerability

CVE-2016-2275 (CWE-603: Use of Client-Side Authentication)


Tollgrade SmartGrid Sensor Management System Software Vulnerabilities

CVE-2016-0863 (CWE-352: Cross-Site Request Forgery)
CVE-2016-0864 (CWE-200: Information Exposure)
CVE-2016-0865 (CWE-522: Insufficiently Protected Credentials)
CVE-2016-0866 (CWE-79: Improper Neutralization of Input During Web Page Generation)


CAREL PlantVisor Enhanced Authentication Bypass Vulnerability

CVE-2015-0867 (CWE-20: Improper Input Validation)


LOYTEC Router Information Exposure Vulnerability

CVE-2015-7906 (CWE-200: Information Exposure)


Honeywell's Midas gas detector

CVE-2015-7907 (CWE-22: Improper Limitation of a Pathname to a Restricted Directory)
CVE-2015-7908 (CWE-319: Cleartext Transmission of Sensitive Information)


Exemys Web Server Bypass Vulnerability

CVE-2015-7910 (CWE-592: Authentication Bypass Issues)


EasyIO-30P-SF Hard-Coded Credential Vulnerability + Supplement

CVE-2015-3974 (CWE-259: Use of Hard-coded Password)


Resource Data Management Privilege Escalation Vulnerability

CVE-2015-6470 (CWE-269: Improper Privilege Management)
CVE-2015-6468 (CWE-352: Cross-Site Request Forgery)


IBC Solar ServeMaster Source Code Vulnerability

CVE-2015-6469 (CWE-200: Information Exposure)
CVE-2015-6474 (CWE-256: Plaintext Storage of a Password)
CVE-2015-6475 (CWE-79: Improper Neutralization of Input During Web Page Generation)


Sinapsi eSolar Light Plaintext Passwords Vulnerability

CVE-2015-3949 (CWE-256: Plaintext Storage of a Password)


RLE Nova-Wind Turbine HMI Unsecure Credentials Vulnerability

CVE-2015-3951 (CWE-256: Plaintext Storage of a Password)


XZERES 442SR Wind Turbine vulnerability

CVE-2015-0985 (CWE-352: Cross-Site Request Forgery)


XZERES 442SR Wind Turbine CSRF Vulnerability

CVE-2015-3950 (CWE-352: Cross-Site Request Forgery)


Recent public CERT Advisories

Chiyu Technology fingerprint access control contains multiple vulnerabilities

CVE-2015-2870 (CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page)
CVE-2015-2871 (CWE-288: Authentication Bypass Using an Alternate Path or Channel)


Honeywell Tuxedo Touch Controller contains multiple vulnerabilities

CVE-2015-2847 (CWE-603: Use of Client-Side Authentication)
CVE-2015-2848 (CWE-352: Cross-Site Request Forgery)



A more complete list of public advisories can be found here.