Research Lab

Positive Technologies Research Team and SecurityLab are willing to cooperate with independent researches in the analysis of the discovered vulnerabilities, in contacts with software vendors and CVE Number Reservation process. The vulnerabilities will be published in sections "Laboratory" and PT-advisory. The name of the researches will be preserved.

Our disclosure policy: en.securitylab.ru/lab/disclosure-policy.php

PT-2017-29 - PHOENIX CONTACT
Severity:   Medium (5.3) (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Vulnerability status:   Unpatched
Exploitation vector:   Remote
Vendor:   PHOENIX CONTACT
 
Timeline   02.08.2017 - Vendor gets vulnerability details
 
Days sinse vendor notification: 135
Discovered by:
Ilya Karpov, Evgeniy Druzhinin, Positive Research Center (Positive Technologies Company)
 
PT-2017-28 - PHOENIX CONTACT
Severity:   High (9.8) (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Vulnerability status:   Unpatched
Exploitation vector:   Remote
Vendor:   PHOENIX CONTACT
 
Timeline   02.08.2017 - Vendor gets vulnerability details
 
Days sinse vendor notification: 135
Discovered by:
Ilya Karpov, Evgeniy Druzhinin, Positive Research Center (Positive Technologies Company)
 
PT-2017-27 - Moxa
Severity:   High (7.5) (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Vulnerability status:   Unpatched
Exploitation vector:   Remote
Vendor:   Moxa
 
Timeline   09.05.2017 - Vendor gets vulnerability details
 
Days sinse vendor notification: 142
Discovered by:
Ilya Karpov, Evgeniy Druzhinin, Positive Research Center (Positive Technologies Company)
 
PT-2017-26 - Moxa
Severity:   Medium (6.3) (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Vulnerability status:   Unpatched
Exploitation vector:   Remote
Vendor:   Moxa
 
Timeline   09.05.2017 - Vendor gets vulnerability details
 
Days sinse vendor notification: 142
Discovered by:
Ilya Karpov, Evgeniy Druzhinin, Positive Research Center (Positive Technologies Company)
 
PT-2017-25 - Moxa
Severity:   Medium (6.3) (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Vulnerability status:   Unpatched
Exploitation vector:   Remote
Vendor:   Moxa
 
Timeline   09.05.2017 - Vendor gets vulnerability details
 
Days sinse vendor notification: 142
Discovered by:
Ilya Karpov, Evgeniy Druzhinin, Positive Research Center (Positive Technologies Company)
 
PT-2017-24 - Moxa
Severity:   High (7.5) (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Vulnerability status:   Unpatched
Exploitation vector:   Remote
Vendor:   Moxa
 
Timeline   09.05.2017 - Vendor gets vulnerability details
 
Days sinse vendor notification: 142
Discovered by:
Ilya Karpov, Evgeniy Druzhinin, Georgy Zaytsev, Positive Research Center (Positive Technologies Company)
 
PT-2017-23 - Moxa
Severity:   High (7.5) (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Vulnerability status:   Unpatched
Exploitation vector:   Remote
Vendor:   Moxa
 
Timeline   09.05.2017 - Vendor gets vulnerability details
 
Days sinse vendor notification: 142
Discovered by:
Ilya Karpov, Evgeniy Druzhinin, Georgy Zaytsev, Positive Research Center (Positive Technologies Company)
 
PT-2017-22 - Moxa
Severity:   Medium (4.9) (AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)
Vulnerability status:   Unpatched
Exploitation vector:   Remote
Vendor:   Moxa
 
Timeline   09.05.2017 - Vendor gets vulnerability details
 
Days sinse vendor notification: 142
Discovered by:
Ilya Karpov, Evgeniy Druzhinin, Georgy Zaytsev, Positive Research Center (Positive Technologies Company)
 
PT-2017-21 - Moxa
Severity:   Medium (4.9) (AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)
Vulnerability status:   Unpatched
Exploitation vector:   Remote
Vendor:   Moxa
 
Timeline   09.05.2017 - Vendor gets vulnerability details
 
Days sinse vendor notification: 142
Discovered by:
Ilya Karpov, Evgeniy Druzhinin, Georgy Zaytsev, Positive Research Center (Positive Technologies Company)
 
PT-2017-20 - Moxa
Severity:   Medium (4.9) (AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)
Vulnerability status:   Unpatched
Exploitation vector:   Remote
Vendor:   Moxa
 
Timeline   09.05.2017 - Vendor gets vulnerability details
 
Days sinse vendor notification: 142
Discovered by:
Ilya Karpov, Evgeniy Druzhinin, Georgy Zaytsev, Positive Research Center (Positive Technologies Company)