Research Lab

Positive Technologies Research Team and SecurityLab are willing to cooperate with independent researchers in the analysis of discovered vulnerabilities, in contacts with software vendors, and in the CVE number reservation process. The vulnerabilities will be published in the "Laboratory" and PT-advisory sections. The names of the researchers will be preserved.

Our disclosure policy: en.securitylab.ru/lab/disclosure-policy.php

Severity:   Medium (6.4) (AV:L/AC:L/Au:S/C:C/I:C/A:P)
Vulnerability status:   Patched
Exploitation vector:   Local
Vendor:   Schneider Electric
Product:   InduSoft Web Studio 7.x
InTouch Machine Edition 2014
 
Identifier:   PT-2015-14   Advisory published: 01.04.2014
CVE ID:   CVE-2015-1009   Fix issued: 30-07-2015
Discovered by:
Ilya Karpov, Positive Research Center (Positive Technologies Company)
 
Severity:   Medium (6.8) (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Vulnerability status:   Patched
Exploitation vector:   Remote
Vendor:   Siemens
Product:   Siemens SIMATIC HMI Comfort Panels
Siemens SIMATIC WinCC Runtime Advanced
Siemens SIMATIC WinCC (TIA Portal) 13.x
 
Identifier:   PT-2015-13   Advisory published: 22.04.2014
CVE ID:   CVE-2015-2823   Fix issued: 08-04-2015 12:15:00
Discovered by:
Ilya Karpov, Positive Research Center (Positive Technologies Company)
 
Severity:   Medium (6.8) (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Vulnerability status:   Patched
Exploitation vector:   Remote
Vendor:   Siemens
Product:   Siemens SIMATIC WinCC (TIA Portal) 13.x
 
Identifier:   PT-2015-12   Advisory published: 21.09.2012
CVE ID:   CVE-2014-4686   Fix issued: 13-02-2015
Discovered by:
Gleb Gritsai, Roman Ilin, Alexander Tlyapov, and Sergey Gordeychik, Positive Research Center (Positive Technologies Company)
 
Severity:   Medium (4.3) (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Vulnerability status:   Patched
Exploitation vector:   Remote
Vendor:   Siemens
Product:   Siemens SIMATIC WinCC (TIA Portal) 13.x
 
Identifier:   PT-2015-11   Advisory published: 21.09.2012
CVE ID:   CVE-2015-1358   Fix issued: 13-02-2015
Discovered by:
Gleb Gritsai, Roman Ilin, Alexander Tlyapov, and Sergey Gordeychik, Positive Research Center (Positive Technologies Company)
 
Severity:   Low (2.6) (AV:L/AC:H/Au:N/C:P/I:P/A:N)
Vulnerability status:   Patched
Exploitation vector:   Local
Vendor:   Siemens
Product:   Siemens SIMATIC STEP 7 (TIA Portal) 13.x
 
Identifier:   PT-2015-10   Advisory published: 21.09.2012
CVE ID:   CVE-2015-1356   Fix issued: 13-02-2015
Discovered by:
Alexander Timorin, Positive Research Center (Positive Technologies Company)
 
Severity:   Low (2.1) (AV:L/AC:L/Au:N/C:P/I:N/A:N)
Vulnerability status:   Patched
Exploitation vector:   Local
Vendor:   Siemens
Product:   Siemens SIMATIC STEP 7 (TIA Portal) 13.x
 
Identifier:   PT-2015-09   Advisory published: 21.09.2012
CVE ID:   CVE-2015-1355   Fix issued: 13-02-2015
Discovered by:
Alexander Timorin, Positive Research Center (Positive Technologies Company)
 
Severity:   Medium (4.6) (AV:N/AC:H/Au:S/C:P/I:P/A:P)
Vulnerability status:   Patched
Exploitation vector:   Remote
Vendor:   Inductive Automation
Product:   Ignition 7.x
 
Identifier:   PT-2015-08   Advisory published: 12.02.2015
CVE ID:   N/A   Fix issued: 09-03-2015
Discovered by:
Evgeny Druzhinin, Positive Research Center (Positive Technologies Company)
 
Severity:   Medium (5.5) (AV:A/AC:H/Au:S/C:P/I:C/A:P)
Vulnerability status:   Patched
Exploitation vector:   Remote
Vendor:   Inductive Automation
Product:   Ignition 7.x
 
Identifier:   PT-2015-07   Advisory published: 12.02.2015
CVE ID:   N/A   Fix issued: 09-03-2015
Discovered by:
Evgeny Druzhinin, Positive Research Center (Positive Technologies Company)
 
Severity:   Medium (5.2) (AV:L/AC:L/Au:S/C:C/I:P/A:N)
Vulnerability status:   Patched
Exploitation vector:   Local
Vendor:   Inductive Automation
Product:   Ignition 7.x
 
Identifier:   PT-2015-06   Advisory published: 12.02.2015
CVE ID:   N/A   Fix issued: 09-03-2015
Discovered by:
Ilya Karpov, Positive Research Center (Positive Technologies Company)
 
Severity:   Medium (5.0) (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Vulnerability status:   Patched
Exploitation vector:   Remote
Vendor:   Inductive Automation
Product:   Ignition 7.x
 
Identifier:   PT-2015-05   Advisory published: 12.02.2015
CVE ID:   N/A   Fix issued: 09-03-2015
Discovered by:
Evgeny Druzhinin and Ilya Karpov, Positive Research Center (Positive Technologies Company)