Research Lab

Positive Technologies Research Team and SecurityLab are willing to cooperate with independent researchers in the analysis of discovered vulnerabilities, in contacts with software vendors, and in the CVE number reservation process. The vulnerabilities will be published in the "Laboratory" and PT-advisory sections. The names of the researchers will be preserved.

Our disclosure policy: en.securitylab.ru/lab/disclosure-policy.php

PT-2016-47 - Siemens
Severity:   Medium (5.3) (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Vulnerability status:   Unpatched
Exploitation vector:   Remote
Vendor:   Siemens
 
Timeline   17.12.2015 - Vendor gets vulnerability details
 
Days since vendor notification: 178
Discovered by:
Ilya Karpov, Positive Research Center (Positive Technologies Company)
 
PT-2016-46 - Siemens
Severity:   High (9.8) (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Vulnerability status:   Unpatched
Exploitation vector:   Remote
Vendor:   Siemens
 
Timeline   17.12.2015 - Vendor gets vulnerability details
 
Days since vendor notification: 178
Discovered by:
Dmitry Sklyarov, Ilya Karpov, Positive Research Center (Positive Technologies Company)
 
PT-2016-45 - Siemens
Severity:   High (9.4) (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L)
Vulnerability status:   Unpatched
Exploitation vector:   Remote
Vendor:   Siemens
 
Timeline   17.12.2015 - Vendor gets vulnerability details
 
Days since vendor notification: 178
Discovered by:
Dmitry Sklyarov, Ilya Karpov, Positive Research Center (Positive Technologies Company)
 
PT-2016-44 - Siemens
Severity:   High (9.0) (AV:N/AC:L/AU:S/C:C/I:C/A:C)
Vulnerability status:   Patched
Exploitation vector:   Remote
Vendor:   Siemens
 
Timeline   05.11.2015 - Vendor gets vulnerability details
28.01.2016 - Vendor releases fixed version and details
 
Days since vendor notification: 178
Discovered by:
Ilya Karpov, Positive Research Center (Positive Technologies Company)
 
PT-2016-43 - General Electric
Severity:   Medium (4.6) (AV:L/AC:L/Au:S/C:N/I:N/A:C)
Vulnerability status:   Unpatched
Exploitation vector:   Local
Vendor:   General Electric
 
Timeline   05.08.2015 - Vendor gets vulnerability details
 
Days since vendor notification: 178
Discovered by:
Ilya Karpov, Positive Research Center (Positive Technologies Company)
 
PT-2016-42 - General Electric
Severity:   Medium (6.4) (AV:L/AC:L/Au:S/C:C/I:P/A:C)
Vulnerability status:   Unpatched
Exploitation vector:   Local
Vendor:   General Electric
 
Timeline   05.08.2015 - Vendor gets vulnerability details
 
Days since vendor notification: 178
Discovered by:
Ilya Karpov, Positive Research Center (Positive Technologies Company)
 
Severity:   Medium (6.4) (AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:L/A:L)
Vulnerability status:   Patched
Exploitation vector:   Local
Vendor:   General Electric
Product:   Proficy HMI/SCADA iFIX 5.x
Proficy HMI/SCADA - CIMPLICITY 9.x
Proficy Historian 6.x
 
Identifier:   PT-2016-41   Advisory published: 05.08.2015
CVE ID:   CVE-2016-9360   Fix issued: 01-12-2016
Discovered by:
Ilya Karpov, Positive Research Center (Positive Technologies Company)
 
PT-2016-40 - Schneider Electric
Severity:   High (8.7) (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L)
Vulnerability status:   Unpatched
Exploitation vector:   Local
Vendor:   Schneider Electric
 
Timeline   10.02.2014 - Vendor gets vulnerability details
 
Days since vendor notification: 178
Discovered by:
Ilya Karpov, Positive Research Center (Positive Technologies Company)
 
Severity:   High (7.6) (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N)
Vulnerability status:   Patched
Exploitation vector:   Remote
Vendor:   Schneider Electric
Product:   StruxureWare Data Center Expert 7.x
 
Identifier:   PT-2016-39   Advisory published: 11.06.2016
CVE ID:   N/A   Fix issued: 08-12-2016
Discovered by:
Ilya Karpov, Positive Research Center (Positive Technologies Company)
 
PT-2016-38 - Intel
Severity:   Medium (6.2) (AV:L/AC:H/Au:N/C:C/I:C/A:C)
Vulnerability status:   Unpatched
Exploitation vector:   Local
Vendor:   Intel
 
Timeline   01.10.2016 - Vendor gets vulnerability details
 
Days since vendor notification: 178
Discovered by:
Positive Research Center (Positive Technologies Company)