Research Lab

Positive Technologies Research Team and SecurityLab are willing to cooperate with independent researches in the analysis of the discovered vulnerabilities, in contacts with software vendors and CVE Number Reservation process. The vulnerabilities will be published in sections "Laboratory" and PT-advisory. The name of the researches will be preserved.

Our disclosure policy: en.securitylab.ru/lab/disclosure-policy.php

PT-2016-57 - RocketChat
Severity:   Medium (5.0) (AV:N/AC:L/Au:N/C:N/I:P/A:N)
Vulnerability status:   Patched
Exploitation vector:   Remote
Vendor:   RocketChat
 
Timeline   27.10.2016 - Vendor gets vulnerability details
 
Days sinse vendor notification: 152
Discovered by:
Mikhail Klyuchnikov, Positive Research Center (Positive Technologies Company)
 
PT-2016-56 - RocketChat
Severity:   Medium (5.0) (AV:N/AC:L/Au:N/C:N/I:P/A:N)
Vulnerability status:   Unpatched
Exploitation vector:   Remote
Vendor:   RocketChat
 
Timeline   27.10.2016 - Vendor gets vulnerability details
 
Days sinse vendor notification: 152
Discovered by:
Mikhail Klyuchnikov, Positive Research Center (Positive Technologies Company)
 
PT-2016-55 - RocketChat
Severity:   Medium (6.4) (AV:N/AC:L/Au:N/C:P/I:P/A:N)
Vulnerability status:   Unpatched
Exploitation vector:   Remote
Vendor:   RocketChat
 
Timeline   27.10.2016 - Vendor gets vulnerability details
 
Days sinse vendor notification: 152
Discovered by:
Mikhail Klyuchnikov, Positive Research Center (Positive Technologies Company)
 
PT-2016-54 - RocketChat
Severity:   High (7.8) (AV:N/AC:M/Au:N/C:C/I:P/A:N)
Vulnerability status:   Patched
Exploitation vector:   Remote
Vendor:   RocketChat
 
Timeline   27.10.2016 - Vendor gets vulnerability details
 
Days sinse vendor notification: 152
Discovered by:
Mikhail Klyuchnikov, Alexandr Shvetsov, Positive Research Center (Positive Technologies Company)
 
PT-2016-53 - Siemens
Severity:   Low (3.3) (AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
Vulnerability status:   Unpatched
Exploitation vector:   Local
Vendor:   Siemens
 
Timeline   22.07.2016 - Vendor gets vulnerability details
 
Days sinse vendor notification: 178
Discovered by:
Dmitry Sklyarov, Positive Research Center (Positive Technologies Company)
 
PT-2016-52 - Siemens
Severity:   High (7.5) (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Vulnerability status:   Unpatched
Exploitation vector:   Remote
Vendor:   Siemens
 
Timeline   22.07.2016 - Vendor gets vulnerability details
 
Days sinse vendor notification: 178
Discovered by:
Ilya Karpov, Positive Research Center (Positive Technologies Company)
 
PT-2016-51 - Schneider Electric
Severity:   High (9.8) (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Vulnerability status:   Unpatched
Exploitation vector:   Remote
Vendor:   Schneider Electric
 
Timeline   11.06.2016 - Vendor gets vulnerability details
 
Days sinse vendor notification: 178
Discovered by:
Ilya Karpov, Stephen Nosov, Positive Research Center (Positive Technologies Company)
 
PT-2016-50 - Schneider Electric
Severity:   High (7.3) (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Vulnerability status:   Unpatched
Exploitation vector:   Remote
Vendor:   Schneider Electric
 
Timeline   11.06.2016 - Vendor gets vulnerability details
 
Days sinse vendor notification: 178
Discovered by:
Ilya Karpov, Evgeny Druzhinin, Positive Research Center (Positive Technologies Company)
 
PT-2016-49 - Schneider Electric
Severity:   Medium (5.3) (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Vulnerability status:   Unpatched
Exploitation vector:   Remote
Vendor:   Schneider Electric
 
Timeline   11.06.2016 - Vendor gets vulnerability details
 
Days sinse vendor notification: 178
Discovered by:
Ilya Karpov, Evgeny Druzhinin, Positive Research Center (Positive Technologies Company)
 
PT-2016-48 - Siemens
Severity:   Medium (5.6) (AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H)
Vulnerability status:   Unpatched
Exploitation vector:   Local
Vendor:   Siemens
 
Timeline   17.12.2015 - Vendor gets vulnerability details
 
Days sinse vendor notification: 178
Discovered by:
Dmitry Sklyarov, Ilya Karpov, Positive Research Center (Positive Technologies Company)