Research Lab

Positive Technologies Research Team and SecurityLab are willing to cooperate with independent researches in the analysis of the discovered vulnerabilities, in contacts with software vendors and CVE Number Reservation process. The vulnerabilities will be published in sections "Laboratory" and PT-advisory. The name of the researches will be preserved.

Our disclosure policy: en.securitylab.ru/lab/disclosure-policy.php

Severity:   High (9.1) (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)
Vulnerability status:   Patched
Exploitation vector:   Remote
Vendor:   Paessler
Product:   PRTG Network Monitor 18.x
PRTG Network Monitor 17.x
 
Identifier:   PT-2018-23   Advisory published: 25.05.2018
CVE ID:   CVE-2018-19204   Fix issued: 24-09-2018
Discovered by:
Anton Vaychikauskas, Dmitry Galecha, Positive Research Center (Positive Technologies Company)
 
Severity:   High (7.5) (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Vulnerability status:   Patched
Exploitation vector:   Remote
Vendor:   Paessler
Product:   PRTG Network Monitor 18.x
PRTG Network Monitor 17.x
 
Identifier:   PT-2018-22   Advisory published: 25.05.2018
CVE ID:   CVE-2018-19203   Fix issued: 06-06-2018
Discovered by:
Dmitry Galecha, Positive Research Center (Positive Technologies Company)
 
Severity:   High (7.5) (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Vulnerability status:   Patched
Exploitation vector:   Remote
Vendor:   Schneider Electric
Product:   Schneider Electric Modicon Quantum
Schneider Electric Modicon Premium
Schneider Electric Modicon M340
 
Identifier:   PT-2018-21   Advisory published: 28.04.2017
CVE ID:   CVE-2018-7762   Fix issued: 22-03-2018
Discovered by:
Nikita Maximov, Positive Research Center (Positive Technologies Company)
 
Severity:   High (9.8) (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Vulnerability status:   Patched
Exploitation vector:   Remote
Vendor:   Schneider Electric
Product:   Schneider Electric Modicon BMXNOR0200
 
Identifier:   PT-2018-20   Advisory published: 28.04.2017
CVE ID:   CVE-2018-7761   Fix issued: 22-03-2018
Discovered by:
Alexander Melkikh, Yuliya Simonova, Positive Research Center (Positive Technologies Company)
 
Severity:   High (9.8) (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Vulnerability status:   Patched
Exploitation vector:   Remote
Vendor:   Schneider Electric
Product:   Schneider Electric Modicon Quantum
Schneider Electric Modicon Premium
Schneider Electric Modicon M340
Schneider Electric Modicon BMXNOR0200
 
Identifier:   PT-2018-19   Advisory published: 28.04.2017
CVE ID:   CVE-2018-7760   Fix issued: 22-03-2018
Discovered by:
Alexey Stennikov, Anton Dorfman, Positive Research Center (Positive Technologies Company)
 
Severity:   High (7.5) (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Vulnerability status:   Patched
Exploitation vector:   Remote
Vendor:   Schneider Electric
Product:   Schneider Electric Modicon Quantum
Schneider Electric Modicon Premium
Schneider Electric Modicon M340
 
Identifier:   PT-2018-18   Advisory published: 28.04.2017
CVE ID:   CVE-2018-7759   Fix issued: 22-03-2018
Discovered by:
Nikita Maximov, Positive Research Center (Positive Technologies Company)
 
Severity:   High (9.8) (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Vulnerability status:   Patched
Exploitation vector:   Remote
Vendor:   Schneider Electric
Product:   Schneider Electric Modicon Quantum
Schneider Electric Modicon Premium
Schneider Electric Modicon M340
Schneider Electric Modicon BMXNOR0200
 
Identifier:   PT-2018-17   Advisory published: 28.04.2017
CVE ID:   CVE-2018-7242   Fix issued: 22-03-2018
Discovered by:
Nikita Maximov, Ivan Kurnakov, Ilya Karpov, Kirill Chernyshov, Positive Research Center (Positive Technologies Company)
 
Severity:   High (9.8) (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Vulnerability status:   Patched
Exploitation vector:   Remote
Vendor:   Schneider Electric
Product:   Schneider Electric Modicon Quantum
Schneider Electric Modicon Premium
Schneider Electric Modicon M340
Schneider Electric Modicon BMXNOR0200
 
Identifier:   PT-2018-16   Advisory published: 28.04.2017
CVE ID:   CVE-2018-7241   Fix issued: 22-03-2018
Discovered by:
Nikita Maximov, Alexey Stennikov, Ilya Karpov, Kirill Chernyshov, Positive Research Center (Positive Technologies Company)
 
Severity:   High (8.8) (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Vulnerability status:   Patched
Exploitation vector:   Remote
Vendor:   Schneider Electric
Product:   Schneider Electric Modicon Quantum
 
Identifier:   PT-2018-15   Advisory published: 28.04.2017
CVE ID:   CVE-2018-7240   Fix issued: 22-03-2018
Discovered by:
Kirill Chernyshov, Alexey Stennikov, Positive Research Center (Positive Technologies Company)
 
Severity:   High (9.0) (AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
Vulnerability status:   Patched
Exploitation vector:   Remote
Vendor:   PHOENIX CONTACT
Product:   FL SWITCH 3xxx
FL SWITCH 4xxx
FL SWITCH 48xxx
 
Identifier:   PT-2018-14   Advisory published: 22.02.2018
CVE ID:   CVE-2018-10731   Fix issued: 16-05-2018
Discovered by:
Vyacheslav Moskvin, Semen Sokolov, Positive Research Center (Positive Technologies Company)