Saturday, September 8, 2018

Public ICS Disclosure – Week of 09-01-18


This week we have a vendor vulnerability disclosure (with related exploit) for products from KONE, two medical device exploits (possible 0-day) for products from Softneta, and an ICS communications exploit (possible 0-day) for products from Endress+Hauser.

KONE Advisory and Exploit


KONE published an advisory for their Group Controller (KGC) computer for elevators. The advisory describes four vulnerabilities. The vulnerabilities were reported by Sebastian Neuner, who has published proof-of-concept exploits for them. KONE has a new software version that mitigates the vulnerabilities. There is no indication that Neuner has been provided an opportunity to verify the efficacy of the fixes.

The four reported vulnerabilities are:

• Unauthenticated remote code execution - CVE-2018-15484;
• Unauthenticated local file inclusion/modification - CVE-2018-15486;
• FTP without authentication and authorization - CVE-2018-15485; and
• Denial of service - CVE-2018-15483

KONE reports that successful exploits of these vulnerabilities will not affect the safe operation of the connected elevators but may result in a denial of service.

Softneta Exploits


Carlos Avila published exploits for two vulnerabilities (here and here) for the Softneta MedDream picture archiving and communication system (PACS) server. No CVE has been provided and there are no security advisories on the MedDream web site so these may be 0-day vulnerabilities.

The two vulnerabilities are:

• Directory traversal; and
• SQL injection

Endress+Hauser Exploit


Hamit CİBO published an exploit for a directory traversal vulnerability in the Endress+Hauser WirelessHART Fieldgate SWG70. There is no CVE listed and there are no security advisories on the Endress+Hauser web site so this could be a 0-day vulnerability. It does appear that CİBO previously published a similar exploit in June of this year.
