
KLCERT advisories

KLCERT-20-026: Rockwell Automation ISaGRAF Runtime: Information Disclosure due to cleartext storage of passwords in a file and memory

13 July 2021

ISaGRAF Runtime stores the password in plaintext in memory and in a file located in the same directory as the executable file ISAGRAF.exe.

KLCERT-20-025: Rockwell Automation ISaGRAF Runtime: Information Disclosure due to Hard-coded Cryptographic Key

13 July 2021

ISaGRAF Runtime and ISaGRAF Workbench use the Tiny Encryption Algorithm (TEA) with fixed keys to encrypt passwords transmitted over the IXL protocol.

KLCERT-20-024: Rockwell Automation ISaGRAF Runtime: Code Execution due to Uncontrolled Search Path Element

13 July 2021

ISaGRAF Runtime for Microsoft Windows searches its directory for all files that have the extension ".dll" and loads them as dynamic libraries.

KLCERT-20-023: Rockwell Automation ISaGRAF Runtime: Information Disclosure due to Cleartext Transmission of Information over IXL protocol

13 July 2021

Data transferred over the IXL protocol is unencrypted. An attacker could read and modify all data transferred between ISaGRAF Workbench and ISaGRAF Runtime if the communication is carried out over the IXL protocol.

KLCERT-20-022: Rockwell Automation ISaGRAF Runtime: Code Execution due to Relative Path Traversal

13 July 2021

Some commands used by the ISaGRAF eXchange Layer (IXL) protocol perform various file operations in the file system. Since the parameter pointing to the file name is not checked for reserved characters, it is possible to traverse the ISaGRAF Runtime application’s directory.

KLCERT-21-032: Robert Bosch GmbH CPP HD/MP cameras. Denial of Service via GET HTTP request

02 July 2021

Kaspersky ICS CERT discovered a denial of service of the device through a GET HTTP request to the camera's web server. It is possible to cause a DoS of the camera via a specially crafted HTTP GET request to the web interface of CPP HD/MP cameras.

KLCERT-21-030: Robert Bosch GmbH CPP HD/MP cameras. Improper Input Validation in Web service application

02 July 2021

Kaspersky ICS CERT has discovered that the web service of the Robert Bosch GmbH CPP HD/MP cameras does not correctly parse the HTTP protocol. Improper validation of the user’s data input allows an attacker to inject arbitrary HTTP headers through specially crafted URLs.

KLCERT-21-019: Robert Bosch GmbH CPP HD/MP cameras. Reflected XSS in a page parameter

02 July 2021

Kaspersky ICS CERT discovered a reflected XSS in a page parameter. It is possible to execute any RCP+ command via RCP+ over CGI if the victim follows the attacker’s malicious link and authenticates to the camera.

KLCERT-21-016: Robert Bosch GmbH CPP HD/MP cameras. Multiple reflected XSS in URI handlers

02 July 2021

Kaspersky ICS CERT discovered multiple reflected XSS in URI handlers. It is possible to execute any RCP+ command via RCP+ over CGI.

KLCERT-21-014: Robert Bosch GmbH CPP HD/MP cameras. Missing Authentication vulnerability for Critical Functions

02 July 2021

Missing authentication for critical functions in CPP HD/MP cameras allows an unauthenticated remote attacker to extract sensitive information or change settings by sending specially crafted requests to the devices.