Blog

1. ADVISORY INFORMATION

Product: B&R Automation Net/PVI
Vendor URL: https://www.br-automation.com/en-us/products/software/automation-netpvi/
Vulnerability #1: CVE-2020-24681 Automation Studio incorrect permission assignments for services. CVSS v3 Base Score: 8.2 (High)
Vulnerability #2: CVE-2020-24681 Net/PVI incorrect permission assignments for services. CVSS v3 Base Score: 8.2 (High)
Vulnerability #3: CVE-2020-24682 Automation Studio unquoted service path vulnerabilities. CVSS v3 Base Score: 7.2 (High)
Vulnerability #4: CVE-2020-24682 PVI Multiple unquoted service path vulnerabilities CVSS v3 Base Score: 7.2 (High)
Date found: 2020-09-28

2. AUTHOR

This vulnerability was discovered and researched by Andrew Hofmans
Public …

1. ADVISORY INFORMATION

Product: B&R Automation Net/PVI
Vendor URL: https://www.br-automation.com/en-us/products/software/automation-netpvi/
Vulnerability #1: CVE-2021-22280 DLL Hijacking Vulnerability in Automation Studio. CVSS v3 Base Score: 7.2 (High)
Vulnerability #2: Improper Input Validation CWE-20
Date found: 2020-10-09

2. AUTHOR

This vulnerability was discovered and researched by Andrew Hofmans
Public key: pubkey

3. VERSIONS AFFECTED

Vulnerabilities were found and tested on the most recently released version available at the time (PVI_4.8.2.27 07/27/2020).

4. VULNERABILITY DETAILS

1. When the PVI Manager process is started, it attempts to load DLL resources that …

While exploring my network I discovered that there was a securty vulnerability with my Lorex Technology ECO DVR. After doing more research and reaching out to the vendor and US-CERT I have finally documented and disclosed my first vulnerability report. It was a great learning experience working through the process and practicing responsible disclosure. Unfortunately with cve.mitre.org changing its coverage goals it did not get a CVE identifier. I submitted my report to Bugtraq and the original can be found here or here.

ADVISORY INFORMATION

Product: Lorex Technology ECO DVR
Vendor URL: https://www.lorextechnology.com/
Type: Hard …

While living in Washington, my wife and I decided to buy a boat and live on the water. Here is our 1985 President 41 that we and our cat lived on for 3 years in Kenmore, WA.

Useful Boat Project Resources

I have some of my favorite resources listed below. Some were better then others and some just gave me some great ideas of what is possible.

docksidereports.com
yachtsurvey.com
boatus.com
trawler-beach-house.blogspot.com