KLCERT-20-026: Rockwell Automation ISaGRAF Runtime: Information Disclosure due to cleartext storage of passwords in a file and memory
ISaGRAF Runtime stores the password in plaintext in memory and in a file located in the same directory as the executable file ISAGRAF.exe.
KLCERT-20-025: Rockwell Automation ISaGRAF Runtime: Information Disclosure due to Hard-coded Cryptographic Key
ISaGRAF Runtime and ISaGRAF Workbench use the Tiny Encryption Algorithm (TEA) with fixed keys to encrypt passwords transmitted over the IXL protocol.
KLCERT-20-024: Rockwell Automation ISaGRAF Runtime: Code Execution due to Uncontrolled Search Path Element
ISaGRAF Runtime for Microsoft Windows searches its directory for all files that have the extension ".dll" and loads them as dynamic libraries.
KLCERT-20-023: Rockwell Automation ISaGRAF Runtime: Information Disclosure due to Cleartext Transmission of Information over IXL protocol
Data transferred over the IXL protocol is unencrypted. An attacker could read and modify all data transferred between ISaGRAF Workbench and ISaGRAF Runtime if the communication is carried out over the IXL protocol.
KLCERT-20-022: Rockwell Automation ISaGRAF Runtime: Code Execution due to Relative Path Traversal
Some commands used by the ISaGRAF eXchange Layer (IXL) protocol perform various file operations in the file system. Since the parameter pointing to the file name is not checked for reserved characters, it is possible to traverse the ISaGRAF Runtime application’s directory.
KLCERT-21-032: Robert Bosch GmbH CPP HD/MP cameras. Denial of Service via GET HTTP request
Kaspersky ICS CERT discovered a Denial of Service of the device through an HTTP GET request to the camera's web server. It is possible to cause a DoS of the camera via a specially crafted HTTP GET request to the web interface of CPP HD/MP cameras.
KLCERT-21-030: Robert Bosch GmbH CPP HD/MP cameras. Improper Input Validation in Web service application
Kaspersky ICS CERT has discovered that the web service of the Robert Bosch GmbH CPP HD/MP cameras does not correctly parse the HTTP protocol. Improper validation of the user’s data input allows an attacker to inject arbitrary HTTP headers through specially crafted URLs.
KLCERT-21-019: Robert Bosch GmbH CPP HD/MP cameras. Reflected XSS in a page parameter
Kaspersky ICS CERT discovered a reflected XSS in a page parameter. It is possible to execute any RCP+ command via RCP+ over CGI if the victim follows the attacker's malicious link and authenticates to the camera.
KLCERT-21-016: Robert Bosch GmbH CPP HD/MP cameras. Multiple reflected XSS in URI handlers
Kaspersky ICS CERT discovered multiple reflected XSS in URI handlers. It is possible to execute any RCP+ command via RCP+ over CGI.
KLCERT-21-014: Robert Bosch GmbH CPP HD/MP cameras. Missing Authentication vulnerability for Critical Functions
Missing authentication for critical functions in CPP HD/MP cameras allows an unauthenticated remote attacker to extract sensitive information or change settings by sending specially crafted requests to the devices.