10 Jan: Multiple Vulnerabilities in Web Level Control (WLC) Application
by Yuri Gbur, Senior Security Consultant
CERTAINITY identified multiple vulnerabilities in the Web Level Control application during a penetration testing assessment.

17 May: Security Advisory: Clock Fault Injection on Mocor OS – Password Bypass
by ONEKEY and CERTAINITY Joint Research Team
This security advisory addresses a vulnerability discovered during a recent forensics engagement. Our investigation together with ONEKEY revealed that the Mocor OS, running on UNISOC SC6531E devices, is susceptible to a clock fault injection attack, which poses a significant threat to user data security and privacy.

17 May: Security Advisory: Unauthenticated Remote Command Execution in Multiple WAGO Products
by ONEKEY and CERTAINITY Joint Research Team
As we already demonstrated through our recent advisories (Asus M25 NAS, Phoenix Contact, NetModule, Festo) ONEKEY's zero day identification module is quite versatile when it comes to finding bugs in PHP, Lua, or Python code we find in firmware uploaded to ONEKEY's platform.

05 Apr: Security Advisory: Multiple Vulnerabilities in Phoenix Contact Routers
by ONEKEY and CERTAINITY Joint Research Team
This is the fourth security advisory we release together with ONEKEY that is related to the introduction of a “zero-day identification” module that performs static code analysis on proprietary applications found within firmware uploaded to ONEKEY's platform.

03 Mar: Security Advisory: Multiple Vulnerabilities in NetModule Routers
by ONEKEY and CERTAINITY Joint Research Team
NetModule is an Original Equipment Manufacturer of industrial grade routers. The vulnerabilities identified within the web management interface allow authenticated users to execute arbitrary commands with elevated privileges or to access any file on the system.