Posts

Showing posts with the label Scada Security

Heatmiser Netmonitor 3.03 Hardcoded Credentials

Heatmiser Netmonitor version 3.03 suffers from a hardcoded credential vulnerability.

Exploit Code:

# Exploit Title: Heatmiser Netmonitor 3.03 - Hardcoded Credentials
# Date: 2019-12-22
# Exploit Author: Ismail Tasdelen
# Vendor Homepage: https://www.heatmiser.com/en/
# Hardware Link: https://www.zoneregeling.nl/heatmiser/netmonitor-handleiding.pdf
# Software: Netmonitor v3.03
# Product Version: Netmonitor v3.03
# CWE: CWE-798
# Vulnerability: Use of Hard-coded Credentials
# CVE: N/A
# Description:
# A hard-coded credentials vulnerability has been discovered in
# Netmonitor v3.03 from the manufacturer Heatmiser. With this
# vulnerability, the hidden input values of the hidFrm form in the
# page source can be accessed anonymously. This information is
# contained in the lognm and logpd input fields of the hidFrm form
# in the source code.

Source: https://packetstormsecurity.com/files/155767/Heatmiser-Netmonitor-3.03-Hardcoded-Credentials.html

Schneider Electric - Security Notification Security Notification - Embedded Web Servers for Modicon (V3.0) - [CVE-2018-7804]

Schneider Electric Security Notification
Security Notification - Embedded Web Servers for Modicon (V3.0)
CVE: CVE-2018-7804
CVSS v3.0 Base Score: 4.7 (Medium) | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:L

A CWE-601: URL Redirection to Untrusted Site vulnerability exists, where a user clicking on a specially crafted link can be redirected to a URL of the attacker’s choosing.

Security Researcher: Ismail Tasdelen