Information Disclosure

Java SE and Java SE Embedded are vulnerable to information disclosure attacks. This allows an unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, which leads to elevated privilege gaining and application crashing...

PT-2016-33: Privilege Gaining in Siemens SICAM PAS

The specialists of the Positive Research center have detected a Privilege Gaining vulnerability in Siemens SICAM PAS. SICAM PAS has a factory account with hardcoded passwords, which allows attackers to gain privileged access to the database via TCP port 2638. How to fix Update your software up to...

PT-2015-07: Privilege Gaining in Inductive Automation Ignition

The specialists of the Positive Research center have detected a Privilege Gaining vulnerability in Inductive Automation Ignition. After user’s logout session is not removed which could lead to session reuse by attacker with privileges of the same user. How to fix Update your sofware up to the...

PT-2014-05: Privilege Gaining in Nixu Namesurfer

The specialists of the Positive Research center have detected a Privilege Gaining vulnerability in Nixu Namesurfer. An attacker could assign the $PATH variable with the path to his/her malicious file. An application with the suid bit will execute it. Thus the attacker will receive the highest...

PT-2014-14: Privilege Gaining in Siemens SIMATIC WinCC

The specialists of the Positive Research center have detected a Privilege Gaining vulnerability in SIMATIC WinCC. The database server of SIMATIC WinCC could allow authenticated users to escalate their privileges in the database if a specially crafted command is sent to the database server at port...

DataLife Engine 9.7 Session Fixation

----------------------------------------------------------- PT-2012-53 Positive Technologies Security Advisory Privilege Gaining in DataLife Engine ----------------------------------------------------------- --- Vulnerable software DataLife Engine Version: 9.7 and earlier Application link:...

PT-2014-13: Privilege Gaining in Siemens SIMATIC WinCC

The specialists of the Positive Research center have detected a Privilege Gaining vulnerability in SIMATIC WinCC. Existing access control of the WinCC WebNavigator server at port 80/tcp and port 443/tcp could allow remote authenticated users to escalate their privileges in WinCC. How to fix Updat...

PT-2015-10: Privilege Gaining in Siemens SIMATIC STEP 7 (TIA Portal)

The specialists of the Positive Research center have detected a Privilege Gaining vulnerability in Siemens SIMATIC STEP 7 TIA Portal. Vulnerability exists in TIA Portal due to improper integrity protection of project-file fields containing user’s privileges, which allows attackers to modify user...

PT-2015-12: Privilege Gaining in Siemens SIMATIC WinCC (TIA Portal)

The specialists of the Positive Research center have detected a Privilege Gaining vulnerability in Siemens SIMATIC WinCC TIA Portal. Vulnerability exists due to a hard coded encryption key in WinCC RT Professional, which allows remote attackers to obtain sensitive information and escalate their...

PT-2011-13: Privilege Gaining in ManageEngine ServiceDesk Plus 8.0.0

The specialists of the Positive Research center have revealed privilege gaining vulnerability in ManageEngine ServiceDesk Plus. Insufficient privilege validation allows attackers with guest privileges account guest/guest to create a user with servicedesk administrator privileges via HTTP GET...