Research Lab

Positive Technologies Research Team and SecurityLab are willing to cooperate with independent researches in the analysis of the discovered vulnerabilities, in contacts with software vendors and CVE Number Reservation process. The vulnerabilities will be published in sections "Laboratory" and PT-advisory. The name of the researches will be preserved.

Our disclosure policy: en.securitylab.ru/lab/disclosure-policy.php

Severity:   High (10) (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Vulnerability status:   Patched
Exploitation vector:   Remote
Vendor:   Dahua Technology
:  
 
Identifier:   PT-2017-54   Advisory published: 20.02.2017
CVE ID:   CVE-2017-3223   Fix issued: 17-07-2017
Discovered by:
Ilya Smith, Positive Research Center (Positive Technologies Company)
 
Severity:   High (9.8) (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Vulnerability status:   Patched
Exploitation vector:   Remote
Vendor:   Rockwell Automation
Product:   Rockwell Automation 1763 MicroLogix 1100 Controllers
Rockwell Automation 1766 MicroLogix 1400 Controllers
 
Identifier:   PT-2017-53   Advisory published: 27.10.2015
CVE ID:   CVE-2017-7903   Fix issued: 23-05-2017
Discovered by:
Ilya Karpov, Positive Research Center (Positive Technologies Company)
 
Severity:   High (9.8) (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Vulnerability status:   Patched
Exploitation vector:   Remote
Vendor:   Rockwell Automation
Product:   Rockwell Automation 1763 MicroLogix 1100 Controllers
Rockwell Automation 1766 MicroLogix 1400 Controllers
 
Identifier:   PT-2017-52   Advisory published: 27.10.2015
CVE ID:   CVE-2017-7899   Fix issued: 23-05-2017
Discovered by:
Ilya Karpov, Positive Research Center (Positive Technologies Company)
 
PT-2017-51 - Rockwell Automation
Severity:   High (9.8) (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Vulnerability status:   Unpatched
Exploitation vector:   Remote
Vendor:   Rockwell Automation
 
Timeline   23.10.2017 - Vendor gets vulnerability details
 
Days sinse vendor notification: 272
Discovered by:
Ilya Karpov, Dmitry Sklyarov, Evgeniy Druzhinin, Positive Research Center (Positive Technologies Company)
 
PT-2017-50 - Rockwell Automation
Severity:   High (9.8) (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Vulnerability status:   Unpatched
Exploitation vector:   Remote
Vendor:   Rockwell Automation
 
Timeline   23.10.2017 - Vendor gets vulnerability details
 
Days sinse vendor notification: 272
Discovered by:
Ilya Karpov, Dmitry Sklyarov, Evgeniy Druzhinin, Positive Research Center (Positive Technologies Company)
 
PT-2017-49 - Rockwell Automation
Severity:   High (9.8) (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Vulnerability status:   Unpatched
Exploitation vector:   Remote
Vendor:   Rockwell Automation
 
Timeline   23.10.2017 - Vendor gets vulnerability details
 
Days sinse vendor notification: 272
Discovered by:
Ilya Karpov, Evgeniy Druzhinin, Positive Research Center (Positive Technologies Company)
 
PT-2017-48 - Rockwell Automation
Severity:   High (7.5) (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Vulnerability status:   Unpatched
Exploitation vector:   Remote
Vendor:   Rockwell Automation
 
Timeline   23.10.2017 - Vendor gets vulnerability details
 
Days sinse vendor notification: 272
Discovered by:
Ilya Karpov, Evgeniy Druzhinin, Positive Research Center (Positive Technologies Company)
 
PT-2017-47 - Rockwell Automation
Severity:   Medium (6.2) (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Vulnerability status:   Unpatched
Exploitation vector:   Local
Vendor:   Rockwell Automation
 
Timeline   23.10.2017 - Vendor gets vulnerability details
 
Days sinse vendor notification: 272
Discovered by:
Ilya Karpov, Evgeniy Druzhinin, Positive Research Center (Positive Technologies Company)
 
PT-2017-46 - Moxa
Severity:   Medium (5.3) (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Vulnerability status:   Unpatched
Exploitation vector:   Remote
Vendor:   Moxa
 
Timeline   04.09.2017 - Vendor gets vulnerability details
 
Days sinse vendor notification: 321
Discovered by:
Ilya Karpov, Evgeniy Druzhinin, Georgy Zaytsev, Positive Research Center (Positive Technologies Company)
 
PT-2017-45 - Moxa
Severity:   High (7.5) (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Vulnerability status:   Unpatched
Exploitation vector:   Remote
Vendor:   Moxa
 
Timeline   04.09.2017 - Vendor gets vulnerability details
 
Days sinse vendor notification: 321
Discovered by:
Ilya Karpov, Evgeniy Druzhinin, Georgy Zaytsev, Positive Research Center (Positive Technologies Company)