IOActive Security Advisory | Lamassu Douro Bitcoin ATM – Multiple Vulnerabilities
Supporting security advisory/disclosure document (CVE-2024-0175, CVE-2024-0176 and CVE-2024-0177) supporting the Lamassu Douro Bitcoin ATM research by Gabriel Gonzalez, IOActive Director of Hardware Security. IOActive had access to few of these machines, specifically to Lamassu’s Douro ATM. This provided the team with the opportunity to assess the security of these devices – more specifically, to attempt to gain full control over them – assuming the role of an attacker with the same physical access to the device that a regular customer might have.
IOActive Security Advisory | Socomec NET VISION – Multiple Vulnerabilities
IOActive Security Advisory/Disclosure document (CVE TBA) by Daniel Martinez, IOActive Senior Security Consultant, of the multiple vulnerabilities discovered in the Socomec NET VISION devices. Socomec, Inc. (Socomec) is an electrical equipment design and manufacturing company, specializing in low-voltage energy performance in terms of safety, service continuity, quality and energy efficiency. NET VISION is a professional network adapter for monitoring and controlling UPS units from a remote location. It allows direct connection of a UPS to the IPv4 or IPv6 Ethernet network, thereby enabling remote management of the UPS using a…
IOActive Advisory – ID TECH Disclosure
IOActive response to ID TECH’s advisory on the APDU stack overflow research by Josep Pi Rodriguez.
Microsoft Bluetooth Driver Spoofing Vulnerability
CNJ PJeOffice Remote Code Execution in Update Mechanism
Brasil CNJ’s Processo Judicial Eletrônico (PJe) system processes judicial data with the objective of fulfilling the needs of the Brazilian Judiciary Power: the Superior, Military, Labor, and Electoral Courts; the courts of both the Federal Union and individual states; and specialized justice systems that handle ordinary law and employment tribunals at both the federal and state level. The main goal of PJeOffice is to guarantee the legal authenticity and integrity of documents and processes through digital signatures. It is employed by lawyers, judges, and high-level officials, such as prosecutors and…
Moog EXO Series Multiple Vulnerabilities
Moog Inc. (Moog) offers a wide range of camera and video surveillance solutions. These can be network-based or part of more complex tracking systems. The products affected by the vulnerabilities in this security advisory are part of the EXO series, “built tough to withstand extreme temperature ranges, power surges, and heavy impacts.” These units are configurable from a web application. The operating systems running on these cameras are Unix-based. ONVIF Web Service Authentication Bypass Undocumented Hardcoded Credentials Multiple Instances of Unauthenticated XML External Entity (XXE) Attacks statusbroadcast Arbitrary Command Execution…
Verint PTZ Cameras Multiple Vulnerabilities
Verint Systems Inc. (Verint) sells software and hardware solutions to help its clients perform data analysis. Verint also offers IP camera systems and videos solutions. Most of these cameras are configurable from a web application. The operating systems running on these cameras are Unix-based. DM Autodiscovery Service Stack Overflow FTP root User Enabled Undocumented Hardcoded Credentials Access the Advisory (PDF)
GE Grid Solutions Reason RT430 GNSS Precision-Time Clock Multiple Vulnerabilities
GE Grid Solutions’ Reason RT430 GNSS Precision-Time Clock is referenced to GPS and GLONASS satellites. Offering a complete solution, these clocks are the universal precision time synchronization units, with an extensive number of outputs which supports many timing protocols. including the DST rules frequently used on power systems applications. In accordance with IEEE 1588 Precision Time Protocol (PTP), the RT430 is capable of providing multiple IEDs synchronization with better than 100ns time accuracy over Ethernet networks. Despite being likely to never lose time synchronization from satellites, the RT430 GNSS features…
GE Reason S20 Industrial Managed Ethernet Switch Multiple Vulnerabilities
The S20 Ethernet Switch is a device manufactured by GE Grid Solution which is deployed in industrial environments. This device is part of ICS/SCADA architectures. Stored XSS flaws can result in a large number of possible exploitation scenarios. With most XSS flaws, the entirety of the JavaScript language is available to the malicious user.
pppd Vulnerable to Buffer Overflow Due to a Flaw in EAP Packet Processing (CVE-2020-8597)
Due to a flaw in the Extensible Authentication Protocol (EAP) packet processing in the Point-to-Point Protocol Daemon (pppd), an unauthenticated remote attacker may be able to cause a stack buffer overflow, which may allow arbitrary code execution on the target system. This vulnerability is due to an error in validating the size of the input before copying the supplied data into memory. As the validation of the data size is incorrect, arbitrary data can be copied into memory and cause memory corruption possibly leading to the execution of unwanted code.