Utimaco – CVE-2020-26155

During a pentest last year I found an issue which affected the Windows installation product packages for the following products from Utimaco: SecurityServer 3.x, 4.x up to version 4.31.1; PaymentServer 3.x, 4.x up to version 4.33.0; PaymentServer Hybrid 3.x, 4.x up to version 4.33.0; Block-safe 2.0.0, 3.0.0; CryptoServer CP5 5.0.0.0, 5.1.0.0, incl. CryptoServer CP5 Supporting CD and CryptoServer CP5

Siemens – CVE-2020-25245, CVE-2020-28392

After reviewing some Siemens software, I found a couple of issues which related to Insecure Folder Permissions which I reported to their security team. The Siemens team was very responsive and kept me informed throughout their review process. The issues which I reported were remediated and Siemens released two CVEs and bulletins for which I