10
Jan
Multiple Vulnerabilities in Web Level Control (WLC) Application
by Yuri Gbur, Senior Security Consultant
CERTAINITY identified multiple vulnerabilities in the Web Level Control application during a penetration testing assessment.
17
May
Security Advisory: Clock Fault Injection on Mocor OS – Password Bypass
by ONEKEY and CERTAINITY Joint Research Team
This security advisory addresses a vulnerability discovered during a recent forensics engagement. Our investigation together with ONEKEY revealed that the Mocor OS, running on UNISOC SC6531E devices, is susceptible to a clock fault injection attack, which poses a significant threat to user data security and privacy.
17
May
Security Advisory: Unauthenticated Remote Command Execution in Multiple WAGO Products
by ONEKEY and CERTAINITY Joint Research Team
As we already demonstrated through our recent advisories (Asus M25 NAS, Phoenix Contact, NetModule , Festo) ONEKEY's zero day identification module is quite versatile when it comes to finding bugs in PHP, Lua, or Python code we find in firmware uploaded to ONEKEY's platform.
05
Apr
Security Advisory: Multiple Vulnerabilities in Phoenix Contact Routers
by ONEKEY and CERTAINITY Joint Research Team
This is the fourth security advisory we release together with ONEKEY that is related to the introduction of a “zero-day identification” module that performs static code analysis on proprietary applications found within firmware uploaded to ONEKEY's platform.
03
Mar
Security Advisory: Multiple Vulnerabilities in NetModule Routers
by ONEKEY and CERTAINITY Joint Research Team
NetModule is an Original Equipment Manufacturer of industrial grade routers. The vulnerabilities identified within the web management interface allow authenticated users to execute arbitrary commands with elevated privileges or to access any file on the system.