Research Lab

Positive Technologies Research Team and SecurityLab are willing to cooperate with independent researches in the analysis of the discovered vulnerabilities, in contacts with software vendors and CVE Number Reservation process. The vulnerabilities will be published in sections "Laboratory" and PT-advisory. The name of the researches will be preserved.

Our disclosure policy: en.securitylab.ru/lab/disclosure-policy.php

Severity:   High (7.8) (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Vulnerability status:   Patched
Exploitation vector:   Local
Vendor:   Microsoft
Product:   Microsoft Windows Server 2016
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2008
Microsoft Windows 10
Microsoft Windows 8.1
Microsoft Windows 7
 
Identifier:   PT-2017-13   Advisory published: 07.05.2017
CVE ID:   CVE-2017-0263   Fix issued: 09-05-2017
Discovered by:
Mikhail Tsvetkov, Positive Research Center (Positive Technologies Company)
 
PT-2017-12 - Intel
Severity:   ()
Vulnerability status:   Unpatched
:  
Vendor:   Intel
 
Timeline   26.07.2017 - Vendor gets vulnerability details
 
Days sinse vendor notification: 121
Discovered by:
Maxim Goryachy, Mark Ermolov, Positive Research Center (Positive Technologies Company)
 
PT-2017-11 - ABB
Severity:   Medium (5.3) (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Vulnerability status:   Unpatched
Exploitation vector:   Remote
Vendor:   ABB
 
Timeline   02.04.2017 - Vendor gets vulnerability details
 
Days sinse vendor notification: 236
Discovered by:
Ilya Karpov, Evgeniy Druzhinin, Damir Zainullin, Positive Research Center (Positive Technologies Company)
 
PT-2017-10 - Hirschmann
Severity:   Medium (6.5) (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N)
Vulnerability status:   Unpatched
Exploitation vector:   Remote
Vendor:   Hirschmann
 
Timeline   16.03.2017 - Vendor gets vulnerability details
 
Days sinse vendor notification: 253
Discovered by:
Ilya Karpov, Evgeniy Druzhinin, Damir Zainullin, Positive Research Center (Positive Technologies Company)
 
PT-2017-09 - Hirschmann
Severity:   Medium (5.3) (AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N)
Vulnerability status:   Unpatched
Exploitation vector:   Remote
Vendor:   Hirschmann
 
Timeline   16.03.2017 - Vendor gets vulnerability details
 
Days sinse vendor notification: 253
Discovered by:
Ilya Karpov, Evgeniy Druzhinin, Damir Zainullin, Positive Research Center (Positive Technologies Company)
 
PT-2017-08 - Hirschmann
Severity:   Medium (4.2) (AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N)
Vulnerability status:   Unpatched
Exploitation vector:   Remote
Vendor:   Hirschmann
 
Timeline   16.03.2017 - Vendor gets vulnerability details
 
Days sinse vendor notification: 253
Discovered by:
Ilya Karpov, Evgeniy Druzhinin, Mikhail Tsvetkov, Damir Zainullin, Positive Research Center (Positive Technologies Company)
 
PT-2017-07 - Hirschmann
Severity:   High (7.5) (AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
Vulnerability status:   Unpatched
Exploitation vector:   Remote
Vendor:   Hirschmann
 
Timeline   16.03.2017 - Vendor gets vulnerability details
 
Days sinse vendor notification: 253
Discovered by:
Ilya Karpov, Evgeniy Druzhinin, Damir Zainullin, Positive Research Center (Positive Technologies Company)
 
Severity:   High (7.8) (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Vulnerability status:   Patched
Exploitation vector:   Local
Vendor:   Linux
Product:   Linux Kernel 4.10.x
 
Identifier:   PT-2017-06   Advisory published: 28.02.2017
CVE ID:   CVE-2017-2636   Fix issued: 10-03-2017
Discovered by:
Alexander Popov, Positive Research Center (Positive Technologies Company)
 
PT-2017-05 - RocketChat
Severity:   High (7.8) (AV:N/AC:M/Au:N/C:C/I:P/A:N)
Vulnerability status:   Unpatched
Exploitation vector:   Remote
Vendor:   RocketChat
 
Timeline   20.02.2017 - Vendor gets vulnerability details
 
Days sinse vendor notification: 277
Discovered by:
Mikhail Klyuchnikov, Positive Research Center (Positive Technologies Company)
 
Severity:   High (7.1) (AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
Vulnerability status:   Patched
Exploitation vector:   Local
Vendor:   Kaspersky Labs
Product:   Kaspersky Embedded Systems Security
 
Identifier:   PT-2017-04   Advisory published: 27.01.2017
CVE ID:   N/A   Fix issued: 15-05-2017
Discovered by:
Georgy Zaytsev, Positive Research Center (Positive Technologies Company)