Research Lab

Positive Technologies Research Team and SecurityLab are willing to cooperate with independent researches in the analysis of the discovered vulnerabilities, in contacts with software vendors and CVE Number Reservation process. The vulnerabilities will be published in sections "Laboratory" and PT-advisory. The name of the researches will be preserved.

Our disclosure policy: en.securitylab.ru/lab/disclosure-policy.php

PT-2017-11 - ABB
Severity:   Medium (5.3) (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Vulnerability status:   Unpatched
Exploitation vector:   Remote
Vendor:   ABB
 
Timeline   02.04.2017 - Vendor gets vulnerability details
 
Days sinse vendor notification: 140
Discovered by:
Ilya Karpov, Evgeniy Druzhinin, Damir Zainullin, Positive Research Center (Positive Technologies Company)
 
PT-2017-10 - Hirschmann
Severity:   Medium (6.5) (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N)
Vulnerability status:   Unpatched
Exploitation vector:   Remote
Vendor:   Hirschmann
 
Timeline   16.03.2017 - Vendor gets vulnerability details
 
Days sinse vendor notification: 157
Discovered by:
Ilya Karpov, Evgeniy Druzhinin, Damir Zainullin, Positive Research Center (Positive Technologies Company)
 
PT-2017-09 - Hirschmann
Severity:   Medium (5.3) (AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N)
Vulnerability status:   Unpatched
Exploitation vector:   Remote
Vendor:   Hirschmann
 
Timeline   16.03.2017 - Vendor gets vulnerability details
 
Days sinse vendor notification: 157
Discovered by:
Ilya Karpov, Evgeniy Druzhinin, Damir Zainullin, Positive Research Center (Positive Technologies Company)
 
PT-2017-08 - Hirschmann
Severity:   Medium (4.2) (AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N)
Vulnerability status:   Unpatched
Exploitation vector:   Remote
Vendor:   Hirschmann
 
Timeline   16.03.2017 - Vendor gets vulnerability details
 
Days sinse vendor notification: 157
Discovered by:
Ilya Karpov, Evgeniy Druzhinin, Mikhail Tsvetkov, Damir Zainullin, Positive Research Center (Positive Technologies Company)
 
PT-2017-07 - Hirschmann
Severity:   High (7.5) (AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
Vulnerability status:   Unpatched
Exploitation vector:   Remote
Vendor:   Hirschmann
 
Timeline   16.03.2017 - Vendor gets vulnerability details
 
Days sinse vendor notification: 157
Discovered by:
Ilya Karpov, Evgeniy Druzhinin, Damir Zainullin, Positive Research Center (Positive Technologies Company)
 
Severity:   High (7.8) (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Vulnerability status:   Patched
Exploitation vector:   Local
Vendor:   Linux
Product:   Linux Kernel 4.10.x
 
Identifier:   PT-2017-06   Advisory published: 28.02.2017
CVE ID:   CVE-2017-2636   Fix issued: 10-03-2017
Discovered by:
Alexander Popov, Positive Research Center (Positive Technologies Company)
 
PT-2017-05 - RocketChat
Severity:   High (7.8) (AV:N/AC:M/Au:N/C:C/I:P/A:N)
Vulnerability status:   Unpatched
Exploitation vector:   Remote
Vendor:   RocketChat
 
Timeline   20.02.2017 - Vendor gets vulnerability details
 
Days sinse vendor notification: 181
Discovered by:
Mikhail Klyuchnikov, Positive Research Center (Positive Technologies Company)
 
PT-2017-04 - Kaspersky Labs
Severity:   High (7.0) (AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H)
Vulnerability status:   Unpatched
Exploitation vector:   Local
Vendor:   Kaspersky Labs
 
Timeline   27.01.2017 - Vendor gets vulnerability details
 
Days sinse vendor notification: 205
Discovered by:
Georgy Zaytsev, Positive Research Center (Positive Technologies Company)
 
Severity:   High (8.8) (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
Vulnerability status:   Patched
Exploitation vector:   Remote
Vendor:   GMV
Product:   Checker ATM Security
 
Identifier:   PT-2017-03   Advisory published: 18.01.2017
CVE ID:   CVE-2017-6968   Fix issued: 06-04-2017
Discovered by:
Georgy Zaytsev, Positive Research Center (Positive Technologies Company)
 
Severity:   Low (2.7) (AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L)
Vulnerability status:   Patched
Exploitation vector:   Remote
Vendor:   Rockwell Automation
Product:   Rockwell Automation 1763 MicroLogix 1100 Controllers
Rockwell Automation 1766 MicroLogix 1400 Controllers
 
Identifier:   PT-2017-02   Advisory published: 11.06.2015
CVE ID:   CVE-2016-9338   Fix issued: 05-01-2017
Discovered by:
Ilya Karpov, Positive Research Center (Positive Technologies Company)