Maxim Rupp
If you are interested in exploring a commercial partnership or want to collaborate, contact me.

contact@rupp.it (PGP/MIME: 0x8D961353/MIT PGP Key Server. S/MIME: .crt)
rupp@cure53.de (PGP/MIME: 0x61552424/MIT PGP Key Server)
@mmrupp

Most of the issues found are under NDA and cannot be disclosed.
Some of the public work and research done in spare time includes, but is not limited to:

Post: Onanimationcancel handler based XSS for FF>=54.0
Security Advisory: Vulnerabilities in RUGGEDCOM ROX I / Siemens RX1000; PDF
Security Advisory: Honeywell XL Web II Controller Vulnerabilities; PDF

A complete list of public advisories can be found here. Set out below is an extract from this list.

Recent public ICS-CERT Advisories

This section focuses on public security advisories for ICS/SCADA and BMS environments.
Individual pages: Moxa

BeaconMedaes TotalAlert Scroll Medical Air Systems
CVE-2018-7526 (CWE-284: Improper Access Control)
CVE-2018-7518 (CWE-522: Insufficiently Protected Credentials)
CVE-2018-7510 (CWE-256: Unprotected Storage of Credentials)

ABB IP Gateway
CVE-2017-7931 (CWE-287: Improper Authentication)
CVE-2017-7906 (CWE-352: Cross-Site Request Forgery)
CVE-2017-7933 (CWE-256: Unprotected Storage of Credentials)

PHOENIX CONTACT FL COMSERVER, FL COM SERVER, and PSI-MODEM/ETH
CVE-2017-16723 (CWE-79: Improper Neutralization of Input During Web Page Generation)

ProMinent MultiFLEX M10a Controller
CVE-2017-14013 (CWE-602: Client-Side Enforcement of Server-Side Security)
CVE-2017-14007 (CWE-613: Insufficient Session Expiration)
CVE-2017-14011 (CWE-352: Cross-Site Request Forgery)
CVE-2017-14009 (CWE-200: Information Exposure)
CVE-2017-14005 (CWE-620: Unverified Password Change)

LAVA Computer MFG Inc. Ether-Serial Link
CVE-2017-14003 (CWE-290: Authentication Bypass by Spoofing)

Siemens 7KT PAC1200 Data Manager
CVE-2017-9944 (CWE-288: Authentication Bypass Using an Alternate Path or Channel)

Ctek, Inc. SkyRouter
CVE-2017-14000 (CWE-287: Improper Authentication)

Siemens LOGO!
CVE-2017-12734 (CWE-522: Insufficiently Protected Credentials)

ABB VSN300 WiFi Logger Card
CVE-2017-7920 (CWE-287: Improper Authentication)
CVE-2017-7916 (CWE-264: Permissions, Privileges, and Access Controls)

Newport XPS-Cx, XPS-Qx
CVE-2017-7919 (CWE-287: Improper Authentication)
and more.

・ω・