Research Lab

Positive Technologies Research Team and SecurityLab are willing to cooperate with independent researches in the analysis of the discovered vulnerabilities, in contacts with software vendors and CVE Number Reservation process. The vulnerabilities will be published in sections "Laboratory" and PT-advisory. The name of the researches will be preserved.

Our disclosure policy: en.securitylab.ru/lab/disclosure-policy.php

Severity:   Medium (7.5) (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Vulnerability status:   Patched
Exploitation vector:   Remote
Vendor:   Schneider Electric
Product:   MGE Galaxy 3000
MGE Galaxy 4000
MGE Galaxy 5000
MGE Galaxy 6000
MGE Galaxy 9000
MGE EPS 6000
MGE EPS 7000
MGE EPS 8000
MGE Comet UPS
MGE Galaxy PW
STS (MGE Upsilon)
 
Identifier:   PT-2018-37   Advisory published: 20.02.2016
CVE ID:   CVE-2018-7245   Fix issued: 15-03-2018
Discovered by:
Ilya Karpov, Positive Research Center (Positive Technologies Company)
 
Severity:   Medium (5.3) (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Vulnerability status:   Patched
Exploitation vector:   Remote
Vendor:   Schneider Electric
Product:   MGE Galaxy 3000
MGE Galaxy 4000
MGE Galaxy 5000
MGE Galaxy 6000
MGE Galaxy 9000
MGE EPS 6000
MGE EPS 7000
MGE EPS 8000
MGE Comet UPS
MGE Galaxy PW
STS (MGE Upsilon)
 
Identifier:   PT-2018-36   Advisory published: 20.02.2016
CVE ID:   CVE-2018-7244   Fix issued: 15-03-2018
Discovered by:
Ilya Karpov, Evgeny Druzhinin, Positive Research Center (Positive Technologies Company)
 
Severity:   High (10) (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Vulnerability status:   Patched
Exploitation vector:   Remote
Vendor:   Schneider Electric
Product:   MGE Galaxy 3000
MGE Galaxy 4000
MGE Galaxy 5000
MGE Galaxy 6000
MGE Galaxy 9000
MGE EPS 6000
MGE EPS 7000
MGE EPS 8000
MGE Comet UPS
MGE Galaxy PW
STS (MGE Upsilon)
 
Identifier:   PT-2018-35   Advisory published: 20.02.2016
CVE ID:   CVE-2018-7243   Fix issued: 15-03-2018
Discovered by:
Ilya Karpov, Stephen Nosov, Positive Research Center (Positive Technologies Company)
 
Severity:   Medium (6.9) (AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N)
Vulnerability status:   Patched
Exploitation vector:   Remote
Vendor:   NetSDK Software
Product:   S3 Browser 7.x
 
Identifier:   PT-2018-34   Advisory published: 09.10.2018
CVE ID:   CVE-2018-20298   Fix issued: 18-12-2018
Discovered by:
Igor Kanygin, Positive Research Center (Positive Technologies Company)
 
Severity:   High (7.5) AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Vulnerability status:   Patched
Exploitation vector:   Remote
Vendor:   NCR
Product:   NCR S1
 
Identifier:   PT-2018-33   Advisory published: 23.06.2017
CVE ID:   CVE-2017-17668   Fix issued: 06-02-2018
Discovered by:
Vladimir Kononovich, Alexey Stennikov, Positive Research Center (Positive Technologies Company)
 
Severity:   High (7.5) AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Vulnerability status:   Patched
Exploitation vector:   Remote
Vendor:   NCR
Product:   NCR S1
 
Identifier:   PT-2018-32   Advisory published: 23.06.2017
CVE ID:   CVE-2017-17668   Fix issued: 06-02-2018
Discovered by:
Vladimir Kononovich, Alexey Stennikov, Positive Research Center (Positive Technologies Company)
 
Severity:   Medium (5.3) AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vulnerability status:   Patched
Exploitation vector:   Remote
Vendor:   Cisco
Product:   Cisco Secure ACS 5.x
 
Identifier:   PT-2018-31   Advisory published: 01.06.2017
CVE ID:   CVE-2018-0218   Fix issued: 07-03-2018
Discovered by:
Mikhail Klyuchnikov, Yury Aleynov, Positive Research Center (Positive Technologies Company)
 
Severity:   Medium (5.3) AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vulnerability status:   Patched
Exploitation vector:   Local
Vendor:   Cisco
Product:   Cisco Secure ACS 5.x
 
Identifier:   PT-2018-30   Advisory published: 01.06.2017
CVE ID:   CVE-2018-0207   Fix issued: 07-03-2018
Discovered by:
Mikhail Klyuchnikov, Yury Aleynov, Positive Research Center (Positive Technologies Company)
 
Severity:   Medium (5.4) AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Vulnerability status:   Patched
Exploitation vector:   Remote
Vendor:   Cisco
Product:   Cisco Secure ACS 5.x
 
Identifier:   PT-2018-29   Advisory published: 01.06.2017
CVE ID:   CVE-2017-6769   Fix issued: 26-07-2017
Discovered by:
Mikhail Klyuchnikov, Positive Research Center (Positive Technologies Company)
 
Severity:   High (9.8) (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Vulnerability status:   Patched
Exploitation vector:   Remote
Vendor:   Cisco
Product:   Cisco Secure ACS 5.x
 
Identifier:   PT-2018-28   Advisory published: 01.06.2017
CVE ID:   CVE-2018-0147   Fix issued: 07-03-2018
Discovered by:
Mikhail Klyuchnikov, Yury Aleynov, Positive Research Center (Positive Technologies Company)