Research Lab

Positive Technologies Research Team and SecurityLab are willing to cooperate with independent researches in the analysis of the discovered vulnerabilities, in contacts with software vendors and CVE Number Reservation process. The vulnerabilities will be published in sections "Laboratory" and PT-advisory. The name of the researches will be preserved.

Our disclosure policy: en.securitylab.ru/lab/disclosure-policy.php

Severity:   High (8.8) (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Vulnerability status:   Patched
Exploitation vector:   Remote
Vendor:   Schneider Electric
Product:   Schneider Electric Modicon Quantum
 
Identifier:   PT-2018-15   Advisory published: 28.04.2017
CVE ID:   CVE-2018-7240   Fix issued: 22-03-2018
Discovered by:
Kirill Chernyshov, Alexey Stennikov, Positive Research Center (Positive Technologies Company)
 
Severity:   High (9.0) (AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
Vulnerability status:   Patched
Exploitation vector:   Remote
Vendor:   PHOENIX CONTACT
Product:   FL SWITCH 3xxx
FL SWITCH 4xxx
FL SWITCH 48xxx
 
Identifier:   PT-2018-14   Advisory published: 22.02.2018
CVE ID:   CVE-2018-10731   Fix issued: 16-05-2018
Discovered by:
Vyacheslav Moskvin, Semen Sokolov, Positive Research Center (Positive Technologies Company)
 
Severity:   High (9.1) (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)
Vulnerability status:   Patched
Exploitation vector:   Remote
Vendor:   PHOENIX CONTACT
Product:   FL SWITCH 3xxx
FL SWITCH 4xxx
FL SWITCH 48xxx
 
Identifier:   PT-2018-13   Advisory published: 22.02.2018
CVE ID:   CVE-2018-10730   Fix issued: 16-05-2018
Discovered by:
Vyacheslav Moskvin, Positive Research Center (Positive Technologies Company)
 
Severity:   Medium (5.3) (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Vulnerability status:   Patched
Exploitation vector:   Remote
Vendor:   PHOENIX CONTACT
Product:   FL SWITCH 3xxx
FL SWITCH 4xxx
FL SWITCH 48xxx
 
Identifier:   PT-2018-12   Advisory published: 22.02.2018
CVE ID:   CVE-2018-10729   Fix issued: 16-05-2018
Discovered by:
Semen Sokolov, Positive Research Center (Positive Technologies Company)
 
Severity:   High (8.1) (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
Vulnerability status:   Patched
Exploitation vector:   Remote
Vendor:   PHOENIX CONTACT
Product:   FL SWITCH 3xxx
FL SWITCH 4xxx
FL SWITCH 48xxx
 
Identifier:   PT-2018-11   Advisory published: 22.02.2018
CVE ID:   CVE-2018-10728   Fix issued: 16-05-2018
Discovered by:
Evgeny Druzhinin, Ilya Karpov, Georgy Zaytsev, Positive Research Center (Positive Technologies Company)
 
Severity:   High (9.8) (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Vulnerability status:   Patched
Exploitation vector:   Remote
Vendor:   Ipswitch
Product:   Ipswitch WhatsUp Gold 17.x
 
Identifier:   PT-2018-10   Advisory published: 21.04.2017
CVE ID:   CVE-2018-8939   Fix issued: 07-03-2018
Discovered by:
Vyacheslav Moskvin, Timofey Milovanov, Positive Research Center (Positive Technologies Company)
 
Severity:   High (9.8) (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Vulnerability status:   Patched
Exploitation vector:   Remote
Vendor:   Ipswitch
Product:   Ipswitch WhatsUp Gold 17.x
 
Identifier:   PT-2018-09   Advisory published: 21.04.2017
CVE ID:   CVE-2018-8938   Fix issued: 07-03-2018
Discovered by:
Vyacheslav Moskvin, Positive Research Center (Positive Technologies Company)
 
Severity:   High (9.8) (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Vulnerability status:   Patched
Exploitation vector:   Remote
Vendor:   Ipswitch
Product:   Ipswitch WhatsUp Gold 17.x
 
Identifier:   PT-2018-08   Advisory published: 21.04.2017
CVE ID:   CVE-2018-5778   Fix issued: 22-07-2017
Discovered by:
Anton Vaychikauskas, Positive Research Center (Positive Technologies Company)
 
Severity:   High (9.8) (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Vulnerability status:   Patched
Exploitation vector:   Remote
Vendor:   Ipswitch
Product:   Ipswitch WhatsUp Gold 17.x
 
Identifier:   PT-2018-07   Advisory published: 21.04.2017
CVE ID:   CVE-2018-5777   Fix issued: 22-07-2017
Discovered by:
Vyacheslav Moskvin, Positive Research Center (Positive Technologies Company)
 
Severity:   High (9.8) (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Vulnerability status:   Patched
Exploitation vector:   Remote
Vendor:   Hirschmann
Product:   RSR
RS
RSB
MACH100
MACH1000
MACH4000
OCTOPUS
MS
 
Identifier:   PT-2018-06   Advisory published: 16.03.2017
CVE ID:   CVE-2018-5469   Fix issued: 06-03-2018
Discovered by:
Ilya Karpov, Evgeniy Druzhinin, and Damir Zainullin, Positive Research Center (Positive Technologies Company)