what you don't know can hurt you

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 5 of 5

Files from Constantin Schieber-Knöbl

Siemens Unlocked JTAG Interface / Buffer Overflow

Posted Dec 2, 2024

Authored by Stefan Viehboeck, Constantin Schieber-Knöbl | Site sec-consult.com

Various Siemens products suffer from vulnerabilities. There is an unlocked JTAG Interface for Zynq-7000 on SM-2558 and a buffer overflow on the webserver of the SM-2558, CP-2016, and CP-2019 systems.

tags | exploit, overflow, vulnerability

advisories | CVE-2024-31484

SHA-256 | 2548118a58dbb542f0442a86dacdd111ecd924baf60c89a6f4e26ee673279da0

Download | Favorite | View

Siemens CP-8000 / CP-8021 / CP8-022 / CP-8031 / CP-8050 / SICORE Buffer Overread / Escalation

Posted Jul 4, 2024

Authored by Stefan Viehboeck, Gerhard Hechenberger, Steffen Robertz, Constantin Schieber-Knöbl | Site sec-consult.com

Siemens CP-8000, CP-8021, CP8-022, CP-8031, CP-8050, and SICORE products suffer from buffer overread, privilege escalation, and unsafe storage vulnerabilities.

tags | exploit, vulnerability

advisories | CVE-2024-31484, CVE-2024-31485, CVE-2024-31486

SHA-256 | 210325d821a98d66d87a72d0c8a73147b1c6fa89ca3315050b61035edfb74955

Download | Favorite | View

Siemens CP-XXXX Series Exposed Serial Shell

Posted May 28, 2024

Authored by Gerhard Hechenberger, Steffen Robertz, Constantin Schieber-Knöbl | Site sec-consult.com

Siemens CP-XXXX Series (CP-2014, CP-2016, CP-2017, CP-2019, CP-5014) expose serial shells on multiple PLCs. A serial interface can be accessed with physical access to the PCB. After connecting to the interface, access to a shell with various debug functions as well as a login prompt is possible. The hardware is no longer produced nor offered to the market.

tags | exploit, shell

SHA-256 | 440f519186700c01806ac2012a5bbe75033e8be274d7314185fa93b11e2ef29b

Download | Favorite | View

One Identity Password Manager Kiosk Escape Privilege Escalation

Posted Dec 13, 2023

Authored by Constantin Schieber-Knöbl, Armin Weihbold, Stefan Schweighofer | Site sec-consult.com

One Identity Password Manager versions prior to 5.13.1 suffer from a kiosk escape privilege escalation vulnerability.

tags | exploit

advisories | CVE-2023-48654

SHA-256 | 697a67d1e739daefce9d6501eb44b5bb45d5475a33e15ead624f4ab3c2df62f5

Download | Favorite | View

Siemens A8000 CP-8050 / CP-8031 Code Execution / Command Injection

Posted Jul 11, 2023

Authored by Stefan Viehboeck, Gerhard Hechenberger, Steffen Robertz, Constantin Schieber-Knöbl, Gorazd Jank, Christian Hager | Site sec-consult.com

Siemens A8000 CP-8050 and CP-8031 MASTER MODULE versions 04.92 and below suffer from remote code execution, command injection, hard-coded password, and console login vulnerabilities.

tags | exploit, remote, vulnerability, code execution

advisories | CVE-2023-28489, CVE-2023-33919, CVE-2023-33920, CVE-2023-33921

SHA-256 | 61cdf36c1ecb8a689b5d1609b70af4afbbfe93f06571b226262e46776c6f150b

Download | Favorite | View