Research Lab

Positive Technologies Research Team and SecurityLab are willing to cooperate with independent researches in the analysis of the discovered vulnerabilities, in contacts with software vendors and CVE Number Reservation process. The vulnerabilities will be published in sections "Laboratory" and PT-advisory. The name of the researches will be preserved.

Our disclosure policy: en.securitylab.ru/lab/disclosure-policy.php

PT-2017-11 - ABB
Severity:   Medium (5.3) (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Vulnerability status:   Unpatched
Exploitation vector:   Remote
Vendor:   ABB
 
Timeline   02.04.2017 - Vendor gets vulnerability details
 
Days sinse vendor notification: 25
Discovered by:
Ilya Karpov, Evgeniy Druzhinin, Damir Zainullin, Positive Research Center (Positive Technologies Company)
 
PT-2017-10 - Hirschmann
Severity:   Medium (6.5) (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N)
Vulnerability status:   Unpatched
Exploitation vector:   Remote
Vendor:   Hirschmann
 
Timeline   16.03.2017 - Vendor gets vulnerability details
 
Days sinse vendor notification: 42
Discovered by:
Ilya Karpov, Evgeniy Druzhinin, Damir Zainullin, Positive Research Center (Positive Technologies Company)
 
PT-2017-09 - Hirschmann
Severity:   Medium (5.3) (AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N)
Vulnerability status:   Unpatched
Exploitation vector:   Remote
Vendor:   Hirschmann
 
Timeline   16.03.2017 - Vendor gets vulnerability details
 
Days sinse vendor notification: 42
Discovered by:
Ilya Karpov, Evgeniy Druzhinin, Damir Zainullin, Positive Research Center (Positive Technologies Company)
 
PT-2017-08 - Hirschmann
Severity:   Medium (4.2) (AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N)
Vulnerability status:   Unpatched
Exploitation vector:   Remote
Vendor:   Hirschmann
 
Timeline   16.03.2017 - Vendor gets vulnerability details
 
Days sinse vendor notification: 42
Discovered by:
Ilya Karpov, Evgeniy Druzhinin, Mikhail Tsvetkov, Damir Zainullin, Positive Research Center (Positive Technologies Company)
 
PT-2017-07 - Hirschmann
Severity:   High (7.5) (AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
Vulnerability status:   Unpatched
Exploitation vector:   Remote
Vendor:   Hirschmann
 
Timeline   16.03.2017 - Vendor gets vulnerability details
 
Days sinse vendor notification: 42
Discovered by:
Ilya Karpov, Evgeniy Druzhinin, Damir Zainullin, Positive Research Center (Positive Technologies Company)
 
Severity:   High (7.8) (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Vulnerability status:   Patched
Exploitation vector:   Local
Vendor:   Linux
Product:   Linux Kernel 4.10.x
 
Identifier:   PT-2017-06   Advisory published: 28.02.2017
CVE ID:   CVE-2017-2636   Fix issued: 10-03-2017
Discovered by:
Alexander Popov, Positive Research Center (Positive Technologies Company)
 
PT-2017-05 - RocketChat
Severity:   High (7.8) (AV:N/AC:M/Au:N/C:C/I:P/A:N)
Vulnerability status:   Unpatched
Exploitation vector:   Remote
Vendor:   RocketChat
 
Timeline   20.02.2017 - Vendor gets vulnerability details
 
Days sinse vendor notification: 66
Discovered by:
Mikhail Klyuchnikov, Positive Research Center (Positive Technologies Company)
 
PT-2017-04 - Kaspersky Labs
Severity:   High (7.0) (AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H)
Vulnerability status:   Unpatched
Exploitation vector:   Local
Vendor:   Kaspersky Labs
 
Timeline   27.01.2017 - Vendor gets vulnerability details
 
Days sinse vendor notification: 90
Discovered by:
Georgy Zaytsev, Positive Research Center (Positive Technologies Company)
 
PT-2017-03 - GMV
Severity:   High (8.5) (AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H)
Vulnerability status:   Unpatched
Exploitation vector:   Remote
Vendor:   GMV
 
Timeline   18.01.2017 - Vendor gets vulnerability details
 
Days sinse vendor notification: 99
Discovered by:
Georgy Zaytsev, Positive Research Center (Positive Technologies Company)
 
Severity:   Low (2.7) (AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L)
Vulnerability status:   Patched
Exploitation vector:   Remote
Vendor:   Rockwell Automation
Product:   Rockwell Automation 1763 MicroLogix 1100 Controllers
Rockwell Automation 1766 MicroLogix 1400 Controllers
 
Identifier:   PT-2017-02   Advisory published: 11.06.2015
CVE ID:   CVE-2016-9338   Fix issued: 05-01-2017
Discovered by:
Ilya Karpov, Positive Research Center (Positive Technologies Company)