Research Lab

Positive Technologies Research Team and SecurityLab are willing to cooperate with independent researches in the analysis of the discovered vulnerabilities, in contacts with software vendors and CVE Number Reservation process. The vulnerabilities will be published in sections "Laboratory" and PT-advisory. The name of the researches will be preserved.

Our disclosure policy: en.securitylab.ru/lab/disclosure-policy.php

Severity:   Medium (5.0) (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Vulnerability status:   Patched
Exploitation vector:   Remote
Vendor:   Advantech
Product:   Advantech Webaccess 8.x
 
Identifier:   PT-2016-06   Advisory published: 15.12.2014
CVE ID:   CVE-2015-3943   Fix issued: 14-01-2016
Discovered by:
Ilya Karpov, Positive Research Center (Positive Technologies Company)
 
Severity:   High (9.3) (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Vulnerability status:   Patched
Exploitation vector:   Remote
Vendor:   Advantech
Product:   Advantech Webaccess 8.x
 
Identifier:   PT-2016-05   Advisory published: 15.12.2014
CVE ID:   CVE-2015-6467   Fix issued: 14-01-2016
Discovered by:
Alexey Osipov and Mikhail Firstov, Positive Research Center (Positive Technologies Company)
 
Severity:   Medium (6.8) (AV:N/AC:L/Au:S/C:P/I:P/A:P)
Vulnerability status:   Patched
Exploitation vector:   Remote
Vendor:   Advantech
Product:   Advantech Webaccess 8.x
 
Identifier:   PT-2016-04   Advisory published: 15.12.2014
CVE ID:   CVE-2015-3946   Fix issued: 14-01-2016
Discovered by:
Mikhail Firstov and Ilya Karpov, Positive Research Center (Positive Technologies Company)
 
Severity:   Medium (6.5) (AV:N/AC:L/Au:S/C:P/I:P/A:P)
Vulnerability status:   Patched
Exploitation vector:   Remote
Vendor:   Advantech
Product:   Advantech Webaccess 8.x
 
Identifier:   PT-2016-03   Advisory published: 15.12.2014
CVE ID:   CVE-2015-3947   Fix issued: 14-01-2016
Discovered by:
Alexey Osipov, Ilya Karpov and Timur Yunusov, Positive Research Center (Positive Technologies Company)
 
Severity:   Low (3.5) (AV:N/AC:M/Au:S/C:N/I:P/A:N)
Vulnerability status:   Patched
Exploitation vector:   Remote
Vendor:   Advantech
Product:   Advantech Webaccess 8.x
 
Identifier:   PT-2016-02   Advisory published: 15.12.2014
CVE ID:   CVE-2015-3948   Fix issued: 14-01-2016
Discovered by:
Mikhail Firstov and Ilya Karpov, Positive Research Center (Positive Technologies Company)
 
Severity:   High (10) (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Vulnerability status:   Patched
Exploitation vector:   Remote
Vendor:   Advantech
Product:   Advantech Webaccess 8.x
 
Identifier:   PT-2016-01   Advisory published: 15.12.2014
CVE ID:   CVE-2016-0854   Fix issued: 14-01-2016
Discovered by:
Alexey Osipov, Positive Research Center (Positive Technologies Company)
 
Severity:   Medium (6.5) (AV:N/AC:L/Au:S/C:P/I:P/A:P)
Vulnerability status:   Patched
Exploitation vector:   Remote
Vendor:   Rockwell Automation
Product:   Rockwell Automation 1763 MicroLogix 1100 Controllers
Rockwell Automation 1766 MicroLogix 1400 Controllers
 
Identifier:   PT-2015-17   Advisory published: 11.06.2015
CVE ID:   CVE-2015-6486   Fix issued: 27-10-2015
Discovered by:
Ilya Karpov, Positive Research Center (Positive Technologies Company)
 
Severity:   Medium (4.3) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Vulnerability status:   Patched
Exploitation vector:   Remote
Vendor:   Rockwell Automation
Product:   Rockwell Automation 1763 MicroLogix 1100 Controllers
Rockwell Automation 1766 MicroLogix 1400 Controllers
 
Identifier:   PT-2015-16   Advisory published: 11.06.2015
CVE ID:   CVE-2015-6488   Fix issued: 27-10-2015
Discovered by:
Ilya Karpov, Positive Research Center (Positive Technologies Company)
 
Severity:   Medium (4.3) (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Vulnerability status:   Patched
Exploitation vector:   Remote
Vendor:   LiteSpeed Technologies
Product:   LiteSpeed Web Server 4.x
 
Identifier:   PT-2015-15   Advisory published: 20.03.2015
CVE ID:   N/A   Fix issued: 17-04-2015
Discovered by:
Semen Rozhkov, Positive Research Center (Positive Technologies Company)
 
Severity:   Medium (6.4) (AV:L/AC:L/Au:S/C:C/I:C/A:P)
Vulnerability status:   Patched
Exploitation vector:   Local
Vendor:   Schneider Electric
Product:   InduSoft Web Studio 7.x
InTouch Machine Edition 2014
 
Identifier:   PT-2015-14   Advisory published: 01.04.2014
CVE ID:   CVE-2015-1009   Fix issued: 30-07-2015
Discovered by:
Ilya Karpov, Positive Research Center (Positive Technologies Company)