Wind River VxWorks tarExtract directory traversal vulnerability (CVE-2023-38346)

Pentagrid AG

2023-09-19 07:00

Today we publish an advisory for a specific function in Wind River's VxWorks operating system.

VxWorks is a real-time operating system used in many embedded devices in high-availability environments with high safety and security requirements. This includes important industrial, medical, airospace, networking and automotive devices. For example, NASA's Curiosity rover currently deployed on planet Mars is using Wind River's VxWorks operating system.

The vulnerability is triggered when VxWorks' tarExtract function is used on untrusted tar archive files. The official VxWorks advisory can be found on the Wind River website.

IT-Sicherheit beim elektronischen Gesundheitsdossier im Fürstentum Liechtenstein

Pentagrid AG

2023-09-14 21:30 (updated 2023-09-18 10:42)

Am 1. Januar 2022 trat im Fürstentum Liechtenstein das Gesetz zum elektronischen Gesundheitsdossier (EGDG) in Kraft. Das elektronische Gesundheitsdossier (eGD) wird für alle 39'000 Bürger eingeführt, welche nicht Widerspruch einlegen und diesem Widerspruch eine Passkopie beilegen. Wir haben uns das genauer angeschaut.

Eine journalistische Aufbereitung unserer Befunde gibt es beim Liechtensteiner Vaterland (Paywall).

Busybox cpio directory traversal vulnerability (CVE-2023-39810)

Pentagrid AG

2023-08-28 10:00 (updated 2023-08-29 01:00)

When extracting cpio archives with BusyBox cpio, the cpio archiving tools may write files outside the destination directory and there is no option to prevent this.

Multiple vulnerabilities in Aten PE8108 power distribution unit

Pentagrid AG

2023-04-03 11:42 (updated 2023-08-02 09:00)

Pentagrid identified several vulnerabilities in the PE8108 rack power distribution unit (PDU) manufactured by Aten. The PE8108 is an outlet-metered and switched rack-mountable PDU, which means it supports measuring power of connected devices on a per-outlet basis and allows switching individual outlets on and off. The PDU can be controlled, for example, via HTTP/HTTPS and Telnet. Therefore, the PDU provides authentication and supports multiple users with the option to restrict a user's access to certain outlets. During a review, Pentagrid found authorization checks to be broken in several places, which might lead to a compromise of the appliance. Since the main purpose of the PDU is to distribute power to data center components, the main threat is that attackers switch off parts of the infrastructure.

Credit card statement disclosure vulnerability in Viseca's eXpense portal

Pentagrid AG

2023-03-20 04:23

As a security company we try to use services that are solid, trustworthy and secure and therefore we do our due diligence if we find the time for it. Checking products for IT security issues in a non-intrusive way is a part of that. You can call it supply chain security if you like.

To avoid scanning credit card paper statements sent by snail mail every month, Pentagrid was looking for an option to receive them electronically. For our bank though, the only option was to sign up for Viseca's eXpense platform, which allows access to business credit card statements in PDF format. However, uppon login into the portal for the first time, our experienced analyst's gut feeling told us something is not right. For example, the second-factor authentication when doing a login on the eXpense platform was simply typing the last four digits of our telephone number. And that's definitely not state-of-the-art security.

We decided to have a quick look. Our experience in web application security analysis told us that the download function for PDF statements was a good candidate to have a look at. We've seen this kind of functionality fail in many applications before. You may guess, what happened.

An open source SMS gateway for pentest projects

Pentagrid AG

2022-12-06 09:23

Accounts for mobile applications are often bound to phone numbers and working with multiple people on a project may make it necessary at some point to share mobile phone numbers for receiving SMS. Also, when testing mobile applications protected by a SMS-based second-factor authentication, sharing phone numbers among the testing team is sometimes necessary and also acceptable regarding security, when the scope is only a test system. At Pentagrid, we therefore operate a small SMS Gateway, which we hereby publish as open source.

Multiple vulnerabilities in SEPPmail 11.1.10

Pentagrid AG

2022-11-15 10:00

During a penetration test, Pentagrid identified several vulnerabilities in the E-mail gateway SEPPmail version 11.1.10 developed by the Swiss company Seppmail AG. The gateway solution is used to transfer confidential E-mails.

Reflected cross-site scripting vulnerability in Crealogix EBICS implementation (CVE-2022-3442)

Pentagrid AG

2022-10-10 10:00

During a penetration test of an Electronic Banking Internet Communication Standard (EBICS) environment, Pentagrid observed a vulnerability in the EBICS banking implementation developed by CREALOGIX AG and used by many banks. EBICS is a common standard in Germany, France and Switzerland for sending payment information from customers to banks and between banks.

Improving web application security testing with the Pentagrid Scan Controller

Pentagrid AG

2022-08-23 13:42

We're back with another helpful Portswigger Burp Pro Proxy extension that you shouldn't miss if you do web application security analysis. This time the wasteful approach of Burp's feature "Actively scan all in-scope traffic" triggered the development of a new extension called Pentagrid Scan Controller, because there are several improvements possible and desirable.

Vulnerabilities in Printix Cloud Print Management

Pentagrid AG

2022-08-18 08:42

During a penetation test of a cloud environment, Pentagrid observed vulnerabilities in the cloud printing solution developed by Printix.net ApS, a Kofax subsidiary.