Research Lab

Positive Technologies Research Team and SecurityLab are willing to cooperate with independent researchers in analyzing discovered vulnerabilities, in contacting software vendors, and in the CVE number reservation process. The vulnerabilities will be published in the "Laboratory" and PT-advisory sections. The names of the researchers will be preserved.

Our disclosure policy: en.securitylab.ru/lab/disclosure-policy.php

Severity:   Medium (6.5) (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
Vulnerability status:   Patched
Exploitation vector:   Remote
Vendor:   Rockwell Automation
Product:   Rockwell Automation 1763 MicroLogix 1100 Controllers
Rockwell Automation 1766 MicroLogix 1400 Controllers
 
Identifier:   PT-2017-01   Advisory published: 11.06.2015
CVE ID:   CVE-2016-9334   Fix issued: 05-01-2017
Discovered by:
Alexey Osipov, Ilya Karpov, Positive Research Center (Positive Technologies Company)
 
Severity:   Medium (4.3) (AV:N/AC:M/Au:N/C:N/I:N/A:P)
Vulnerability status:   Patched
Exploitation vector:   Remote
Vendor:   TP-Link
Product:   TP-LINK AC series models
TP-LINK TL-MR series models
TP-LINK TL-WA series models
TP-LINK TL-WDR series models
TP-LINK TL-WR series models
 
Identifier:   PT-2016-61   Advisory published: 11.03.2015
CVE ID:   N/A   Fix issued: 20-02-2016
Discovered by:
Semen Rozhkov, Positive Research Center (Positive Technologies Company)
 
PT-2016-60 - SAP
Severity:   High (7.2) (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Vulnerability status:   Unpatched
Exploitation vector:   Local
Vendor:   SAP
 
Timeline   16.12.2016 - Vendor gets vulnerability details
 
Days since vendor notification: 248
Discovered by:
Fedor Kulishov, Dmitry Gutsko, Vyacheslav Mavlyanov, Positive Research Center (Positive Technologies Company)
 
PT-2016-59 - Schneider Electric
Severity:   Medium (6.7) (AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:L)
Vulnerability status:   Unpatched
Exploitation vector:   Local
Vendor:   Schneider Electric
 
Timeline   13.12.2016 - Vendor gets vulnerability details
 
Days since vendor notification: 251
Discovered by:
Ilya Karpov, Positive Research Center (Positive Technologies Company)
 
PT-2016-58 - Schneider Electric
Severity:   Medium (6.1) (AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L)
Vulnerability status:   Unpatched
Exploitation vector:   Local
Vendor:   Schneider Electric
 
Timeline   13.12.2016 - Vendor gets vulnerability details
 
Days since vendor notification: 251
Discovered by:
Ilya Karpov, Positive Research Center (Positive Technologies Company)
 
PT-2016-57 - RocketChat
Severity:   Medium (5.0) (AV:N/AC:L/Au:N/C:N/I:P/A:N)
Vulnerability status:   Patched
Exploitation vector:   Remote
Vendor:   RocketChat
 
Timeline   27.10.2016 - Vendor gets vulnerability details
 
Days since vendor notification: 298
Discovered by:
Mikhail Klyuchnikov, Positive Research Center (Positive Technologies Company)
 
PT-2016-56 - RocketChat
Severity:   Medium (5.0) (AV:N/AC:L/Au:N/C:N/I:P/A:N)
Vulnerability status:   Unpatched
Exploitation vector:   Remote
Vendor:   RocketChat
 
Timeline   27.10.2016 - Vendor gets vulnerability details
 
Days since vendor notification: 298
Discovered by:
Mikhail Klyuchnikov, Positive Research Center (Positive Technologies Company)
 
PT-2016-55 - RocketChat
Severity:   Medium (6.4) (AV:N/AC:L/Au:N/C:P/I:P/A:N)
Vulnerability status:   Unpatched
Exploitation vector:   Remote
Vendor:   RocketChat
 
Timeline   27.10.2016 - Vendor gets vulnerability details
 
Days since vendor notification: 298
Discovered by:
Mikhail Klyuchnikov, Positive Research Center (Positive Technologies Company)
 
PT-2016-54 - RocketChat
Severity:   High (7.8) (AV:N/AC:M/Au:N/C:C/I:P/A:N)
Vulnerability status:   Patched
Exploitation vector:   Remote
Vendor:   RocketChat
 
Timeline   27.10.2016 - Vendor gets vulnerability details
 
Days since vendor notification: 298
Discovered by:
Mikhail Klyuchnikov, Alexandr Shvetsov, Positive Research Center (Positive Technologies Company)
 
PT-2016-53 - Siemens
Severity:   Low (3.3) (AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
Vulnerability status:   Unpatched
Exploitation vector:   Local
Vendor:   Siemens
 
Timeline   22.07.2016 - Vendor gets vulnerability details
 
Days since vendor notification: 324
Discovered by:
Dmitry Sklyarov, Positive Research Center (Positive Technologies Company)