Hello.


Contact


Please feel free to get in touch with me if you have questions or need more information.
You can contact me on Twitter (@mmrupp) or by e-mail (contact@rupp.it / rupp@cure53.de).

Use one of the following keys when discussing confidential information:

User ID: contact@rupp.it; Key ID: 0x8D961353; TXT, MIT PGP Key Server
Fingerprint: CCEF 7BF2 19D0 2D97 40F3 5F9F 2970 13B3 8D96 1353

User ID: rupp@cure53.de; Key ID: 0x61552424; TXT, MIT PGP Key Server
Fingerprint: 6040 9340 9A93 3223 4166 8C74 8D5D 7176 6155 2424


Experiences


Most of the issues found are under NDA and cannot be disclosed. Some of the issues found will also not be disclosed to the public from my side for ethical reasons. Below you can find part of the public research done in spare time, as well as notes.


Notes Archive

Onanimationcancel handler based XSS for FF>=54.0

Security Advisories

Vulnerabilities in RUGGEDCOM ROX I / Siemens RX1000; PDF
Honeywell XL Web II Controller Vulnerabilities; PDF

A more complete list of public advisories can be found here. Set out below is an extract from this list.

Recent public ICS-CERT Advisories

These public security advisories focus on ICS/SCADA and BMS devices and technologies.
Individual pages: Moxa

ProMinent MultiFLEX M10a Controller

CVE-2017-14013 (CWE-602: Client-Side Enforcement of Server-Side Security)
CVE-2017-14007 (CWE-613: Insufficient Session Expiration)
CVE-2017-14011 (CWE-352: Cross-Site Request Forgery)
CVE-2017-14009 (CWE-200: Information Exposure)
CVE-2017-14005 (CWE-620: Unverified Password Change)


LAVA Computer MFG Inc. Ether-Serial Link

CVE-2017-14003 (CWE-290: Authentication Bypass by Spoofing)


Siemens 7KT PAC1200 Data Manager

CVE-2017-9944 (CWE-288: Authentication Bypass Using an Alternate Path or Channel)


Ctek, Inc. SkyRouter

CVE-2017-14000 (CWE-287: Improper Authentication)


Siemens LOGO!

CVE-2017-12734 (CWE-522: Insufficiently Protected Credentials)


ABB VSN300 WiFi Logger Card

CVE-2017-7920 (CWE-287: Improper Authentication)
CVE-2017-7916 (CWE-264: Permissions, Privileges, and Access Controls)


Newport XPS-Cx, XPS-Qx

CVE-2017-7919 (CWE-287: Improper Authentication)


Moxa OnCell

CVE-2017-7915 (CWE-307: Improper Restriction of Excessive Authentication Attempts)
CVE-2017-7913 (CWE-256: Plaintext Storage of a Password)
CVE-2017-7917 (CWE-352: Cross-Site Request Forgery)


Detcon SiteWatch Gateway

CVE-2017-6049 (CWE-287: Improper Authentication)
CVE-2017-6047 (CWE-256: Plaintext Storage of a Password)


Advantech B+B SmartWorx MESR901

CVE-2017-7909 (CWE-603: Use of Client-Side Authentication)


Siemens RUGGEDCOM ROX I

CVE-2017-2686 (CWE-285: Improper Authorization)
CVE-2017-2687 (CWE-79: Improper Neutralization of Input During Web Page Generation)
CVE-2017-2688 (CWE-352: Cross-Site Request Forgery)
CVE-2017-2689 (CWE-285: Improper Authorization)



Recent public CERT Advisories

Chiyu Technology fingerprint access control contains multiple vulnerabilities

CVE-2015-2870 (CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page)
CVE-2015-2871 (CWE-288: Authentication Bypass Using an Alternate Path or Channel)


Honeywell Tuxedo Touch Controller contains multiple vulnerabilities

CVE-2015-2847 (CWE-603: Use of Client-Side Authentication)
CVE-2015-2848 (CWE-352: Cross-Site Request Forgery)




Best regards
Last updated: October 2017