Trần Minh Cường - Blog of Viettel Cyber Security

CVE-2020-27265 (Pre-auth on KEPWARE products)

IntroductionAs a newbie in the field of OT Security, learning the protocols used in industrial environments is a necessity for me. That's why OPC UA is a protocol I can't ignore. As we know PLC is a key point in OT network operation, and it is operated by proprietary protocols

Researches

Security wall of S7CommPlus - Part 2

BrieflyIn the previous article, I clearly described the structure of the S7CommPlus protocol and debugged OMSp_core_managed.dll to understand the cryptographic authentication and communication handshake process. From there, we find the position of the functions to calculate the main parameters such as Symmetric key checksum, public key checksum…

Researches

Security wall of S7CommPlus - Part 1

IntroductionSiemens PLC is often used in ISC industrial control systems to perform important logic actions of the operation process. New versions of Siemens PLC from s7-1500 and s7-1200V4.0 used an encryption protocol s7CommPLus to protect against replay attacks. The study below, it can be applied in the SCADA-Based OT

Researches

1day to 0day(CVE-2022-30024) on TP-Link TL-WR841N

Vulnerabilities on TP-Link TL-WR841N devices Vulnerability Description CVE-2020-8423 Data parsing CVE-2022-24355 File extensions handling CVE-2022-30024 Assignment data CVE-2020-8423Description The vulnerability on TP-LINK's router device with model number TL-WR841N V10 is assigned ID CVE-2020-8423. The vulnerability allows an authenticated attacker to remotely execute arbitrary code on the device by sending a