Research Lab

Positive Technologies Research Team and SecurityLab are willing to cooperate with independent researches in the analysis of the discovered vulnerabilities, in contacts with software vendors and CVE Number Reservation process. The vulnerabilities will be published in sections "Laboratory" and PT-advisory. The name of the researches will be preserved.

Our disclosure policy: en.securitylab.ru/lab/disclosure-policy.php

PT-2016-52 - Siemens
Severity:   High (7.5) (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Vulnerability status:   Unpatched
Exploitation vector:   Remote
Vendor:   Siemens
 
Timeline   22.07.2016 - Vendor gets vulnerability details
 
Days sinse vendor notification: 236
Discovered by:
Ilya Karpov, Positive Research Center (Positive Technologies Company)
 
PT-2016-51 - Schneider Electric
Severity:   High (9.8) (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Vulnerability status:   Unpatched
Exploitation vector:   Remote
Vendor:   Schneider Electric
 
Timeline   11.06.2016 - Vendor gets vulnerability details
 
Days sinse vendor notification: 236
Discovered by:
Ilya Karpov, Stephen Nosov, Positive Research Center (Positive Technologies Company)
 
PT-2016-50 - Schneider Electric
Severity:   High (7.3) (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Vulnerability status:   Unpatched
Exploitation vector:   Remote
Vendor:   Schneider Electric
 
Timeline   11.06.2016 - Vendor gets vulnerability details
 
Days sinse vendor notification: 236
Discovered by:
Ilya Karpov, Evgeny Druzhinin, Positive Research Center (Positive Technologies Company)
 
PT-2016-49 - Schneider Electric
Severity:   Medium (5.3) (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Vulnerability status:   Unpatched
Exploitation vector:   Remote
Vendor:   Schneider Electric
 
Timeline   11.06.2016 - Vendor gets vulnerability details
 
Days sinse vendor notification: 236
Discovered by:
Ilya Karpov, Evgeny Druzhinin, Positive Research Center (Positive Technologies Company)
 
PT-2016-48 - Siemens
Severity:   Medium (5.6) (AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H)
Vulnerability status:   Unpatched
Exploitation vector:   Local
Vendor:   Siemens
 
Timeline   17.12.2015 - Vendor gets vulnerability details
 
Days sinse vendor notification: 236
Discovered by:
Dmitry Sklyarov, Ilya Karpov, Positive Research Center (Positive Technologies Company)
 
PT-2016-47 - Siemens
Severity:   Medium (5.3) (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Vulnerability status:   Unpatched
Exploitation vector:   Remote
Vendor:   Siemens
 
Timeline   17.12.2015 - Vendor gets vulnerability details
 
Days sinse vendor notification: 236
Discovered by:
Ilya Karpov, Positive Research Center (Positive Technologies Company)
 
PT-2016-46 - Siemens
Severity:   High (9.8) (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Vulnerability status:   Unpatched
Exploitation vector:   Remote
Vendor:   Siemens
 
Timeline   17.12.2015 - Vendor gets vulnerability details
 
Days sinse vendor notification: 236
Discovered by:
Dmitry Sklyarov, Ilya Karpov, Positive Research Center (Positive Technologies Company)
 
PT-2016-45 - Siemens
Severity:   High (9.4) (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L)
Vulnerability status:   Unpatched
Exploitation vector:   Remote
Vendor:   Siemens
 
Timeline   17.12.2015 - Vendor gets vulnerability details
 
Days sinse vendor notification: 236
Discovered by:
Dmitry Sklyarov, Ilya Karpov, Positive Research Center (Positive Technologies Company)
 
PT-2016-44 - Siemens
Severity:   High (9.0) (AV:N/AC:L/AU:S/C:C/I:C/A:C)
Vulnerability status:   Patched
Exploitation vector:   Remote
Vendor:   Siemens
 
Timeline   05.11.2015 - Vendor gets vulnerability details
28.01.2016 - Vendor releases fixed version and details
 
Days sinse vendor notification: 236
Discovered by:
Ilya Karpov, Positive Research Center (Positive Technologies Company)
 
PT-2016-43 - General Electric
Severity:   Medium (4.6) (AV:L/AC:L/Au:S/C:N/I:N/A:C)
Vulnerability status:   Unpatched
Exploitation vector:   Local
Vendor:   General Electric
 
Timeline   05.08.2015 - Vendor gets vulnerability details
 
Days sinse vendor notification: 236
Discovered by:
Ilya Karpov, Positive Research Center (Positive Technologies Company)