Research Lab

Positive Technologies Research Team and SecurityLab are willing to cooperate with independent researchers in analyzing discovered vulnerabilities, contacting software vendors, and the CVE number reservation process. The vulnerabilities will be published in the "Laboratory" and PT-advisory sections. The researchers' names will be preserved.

Our disclosure policy: en.securitylab.ru/lab/disclosure-policy.php

Severity:   Medium (5.0) (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Vulnerability status:   Patched
Exploitation vector:   Remote
Vendor:   Vertiv
Product:   Liebert SiteScan 6.x
 
Identifier:   PT-2016-35   Advisory published: 03.10.2013
CVE ID:   CVE-2016-8348   Fix issued: 29-11-2016
Discovered by:
Evgeny Ermakov, Positive Research Center (Positive Technologies Company)
 
Severity:   Medium (6.8) (AV:L/AC:L/Au:S/C:C/I:C/A:C)
Vulnerability status:   Patched
Exploitation vector:   Local
Vendor:   Siemens
Product:   Siemens SICAM PAS
 
Identifier:   PT-2016-34   Advisory published: 15.01.2016
CVE ID:   CVE-2016-8566   Fix issued: 25-11-2016
Discovered by:
Ilya Karpov, Dmitry Sklyarov, Positive Research Center (Positive Technologies Company)
 
Severity:   High (10) (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Vulnerability status:   Patched
Exploitation vector:   Remote
Vendor:   Siemens
Product:   Siemens SICAM PAS
 
Identifier:   PT-2016-33   Advisory published: 15.01.2016
CVE ID:   CVE-2016-8567   Fix issued: 25-11-2016
Discovered by:
Ilya Karpov, Positive Research Center (Positive Technologies Company)
 
Severity:   Medium (6.4) (AV:N/AC:L/Au:N/C:P/I:N/A:P)
Vulnerability status:   Patched
Exploitation vector:   Remote
Vendor:   VMware
Product:   VMware vCenter Server 5.5
VMware vCenter Server 6.0
VMware vRealize Automation 7.x
 
Identifier:   PT-2016-32   Advisory published: 23.10.2015
CVE ID:   CVE-2016-7460   Fix issued: 22-11-2016
Discovered by:
Vladimir Ivanov, Andrey Evlanin, Mikhail Stepankin, Artem Kondratenko, Arseniy Sharoglazov, Positive Research Center (Positive Technologies Company)
 
Severity:   Medium (4.0) (AV:N/AC:L/Au:S/C:P/I:N/A:N)
Vulnerability status:   Patched
Exploitation vector:   Remote
Vendor:   VMware
Product:   VMware vCenter Server 5.5
VMware vCenter Server 6.0
 
Identifier:   PT-2016-31   Advisory published: 23.10.2015
CVE ID:   CVE-2016-7459   Fix issued: 22-11-2016
Discovered by:
Vladimir Ivanov, Andrey Evlanin, Mikhail Stepankin, Artem Kondratenko, Arseniy Sharoglazov, Positive Research Center (Positive Technologies Company)
 
Severity:   Medium (4.3) (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Vulnerability status:   Patched
Exploitation vector:   Remote
Vendor:   VMware
Product:   VMware vSphere Client 5.5
VMware vSphere Client 6.0
 
Identifier:   PT-2016-30   Advisory published: 23.10.2015
CVE ID:   CVE-2016-7458   Fix issued: 22-11-2016
Discovered by:
Vladimir Ivanov, Andrey Evlanin, Mikhail Stepankin, Artem Kondratenko, Arseniy Sharoglazov, Positive Research Center (Positive Technologies Company)
 
Severity:   Low (1.9) (AV:L/AC:L/Au:N/C:P/I:N/A:N)
Vulnerability status:   Patched
Exploitation vector:   Local
Vendor:   Siemens
Product:   Siemens SICAM PAS
 
Identifier:   PT-2016-29   Advisory published: 15.01.2016
CVE ID:   CVE-2016-5849   Fix issued: 30-06-2016
Discovered by:
Ilya Karpov, Dmitry Sklyarov, Positive Research Center (Positive Technologies Company)
 
Severity:   Low (1.7) (AV:L/AC:L/Au:S/C:P/I:N/A:N)
Vulnerability status:   Patched
Exploitation vector:   Local
Vendor:   Siemens
Product:   Siemens SICAM PAS 8.x
 
Identifier:   PT-2016-28   Advisory published: 15.01.2016
CVE ID:   CVE-2016-5848   Fix issued: 30-06-2016
Discovered by:
Ilya Karpov, Positive Research Center (Positive Technologies Company)
 
PT-2016-27 - SAP
Severity:   Medium (4.3) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Vulnerability status:   Unpatched
Exploitation vector:   Remote
Vendor:   SAP
 
Timeline   15.09.2016 - Vendor gets vulnerability details
 
Days since vendor notification: 85
Discovered by:
Mikhail Stepankin, Positive Research Center (Positive Technologies Company)
 
PT-2016-26 - SAP
Severity:   Medium (5.8) (AV:N/AC:M/Au:N/C:P/I:N/A:P)
Vulnerability status:   Unpatched
Exploitation vector:   Remote
Vendor:   SAP
 
Timeline   15.09.2016 - Vendor gets vulnerability details
 
Days since vendor notification: 85
Discovered by:
Mikhail Stepankin, Positive Research Center (Positive Technologies Company)