PT-2016-33: Privilege Gaining in Siemens SICAM PAS

The specialists of the Positive Research center have detected a Privilege Gaining vulnerability in Siemens SICAM PAS. SICAM PAS has a factory account with hardcoded passwords, which allows attackers to gain privileged access to the database via TCP port 2638. How to fix Update your software up to...

PT-2015-07: Privilege Gaining in Inductive Automation Ignition

The specialists of the Positive Research center have detected a Privilege Gaining vulnerability in Inductive Automation Ignition. After user’s logout session is not removed which could lead to session reuse by attacker with privileges of the same user. How to fix Update your sofware up to the...

PT-2014-14: Privilege Gaining in Siemens SIMATIC WinCC

The specialists of the Positive Research center have detected a Privilege Gaining vulnerability in SIMATIC WinCC. The database server of SIMATIC WinCC could allow authenticated users to escalate their privileges in the database if a specially crafted command is sent to the database server at port...

PT-2015-12: Privilege Gaining in Siemens SIMATIC WinCC (TIA Portal)

The specialists of the Positive Research center have detected a Privilege Gaining vulnerability in Siemens SIMATIC WinCC TIA Portal. Vulnerability exists due to a hard coded encryption key in WinCC RT Professional, which allows remote attackers to obtain sensitive information and escalate their...

PT-2011-13: Privilege Gaining in ManageEngine ServiceDesk Plus 8.0.0

The specialists of the Positive Research center have revealed privilege gaining vulnerability in ManageEngine ServiceDesk Plus. Insufficient privilege validation allows attackers with guest privileges account guest/guest to create a user with servicedesk administrator privileges via HTTP GET...