ADVISORIES | March 5, 2024

IOActive Security Advisory | Socomec NET VISION – Multiple Vulnerabilities

By Daniel Martinez

IOActive Security Advisory/Disclosure document (CVE TBA) by Daniel Martinez, IOActive Senior Security Consultant, of the multiple vulnerabilities discovered in the Socomec NET VISION devices.

Socomec, Inc. (Socomec) is an electrical equipment design and manufacturing company, specializing in low-voltage energy performance in terms of safety, service continuity, quality and energy efficiency. NET VISION is a professional network adapter for monitoring and controlling UPS units from a remote location. It allows direct connection of a UPS to the IPv4 or IPv6 Ethernet network, thereby enabling remote management of the UPS using a web browser, a TELNET interface, or an NMS application via SNMP protocol.

Get the IOActive Security Advisory

ADVISORIES | June 18, 2020

Moog EXO Series Multiple Vulnerabilities

By Mario Ballano Gabriel Gonzalez Josep Pi Rodriguez & Simon Robin

Moog Inc. (Moog) offers a wide range of camera and video surveillance solutions. These can be network-based or part of more complex tracking systems. The products affected by the vulnerabilities in this security advisory are part of the EXO series, “built tough to withstand extreme temperature ranges, power surges, and heavy impacts.” These units are configurable from a web application. The operating systems running on these cameras are Unix-based.

ONVIF Web Service Authentication Bypass
Undocumented Hardcoded Credentials
Multiple Instances of Unauthenticated XML External Entity (XXE) Attacks
statusbroadcast Arbitrary Command Execution as root

Access the Advisory (PDF)

By continuing to use the site, you agree to the use of cookies. more information