Vulnerability Lab

With the Vulnerability Lab, SEC Consult operates its own internal security laboratory, in order to ensure an international know-how advantage over attackers in the areas of network and application security. In addition, this facility serves the support with high-quality penetration tests and with the evaluation of new technologies and is at the service of our customers. Thus, they receive the latest information about security gaps and valid statements about the risk profile of new technologies.

Our Vulnerability Lab follows a Responsible Disclosure Policy which aims to provide vendors with the necessary information and timeframe needed to validate and fix a security flaw in order to mutually coordinate the public release of a security advisory as part of our responsible disclosure process. This document also clarifies the extent and limitation of effort the SEC Consult Vulnerability Lab will invest. It can be found here.

Here you find all our studies and whitepapers.

You can reach our Vulnerability Lab through security-research(at)sec-consult.com. The PGP key with fingerprint F9A9D4AF3DC2D298835090252D2DD7B5C6EE883F can be downloaded here.

The SEC Consult Vulnerability Lab is also an official CNA (CVE Numbering Authority) and our scope for assigning CVE numbers is all vulnerabilities discovered in third-party hardware/software by the SEC Consult Vulnerability Lab, which are not in another CNA's scope.

12. Jun 2025

11. Jun 2025

04. Jun 2025

20. May 2025

06. May 2025

29. Apr 2025

22. Apr 2025

26. Feb 2025

11. Feb 2025

27. Jan 2025

11. Dec 2024

04. Dec 2024

27. Nov 2024

25. Nov 2024

12. Nov 2024

Page 1 of 30
1
2
3
…
30
next

Vulnerability Lab

Reflected Cross-Site Scripting in ONLYOFFICE Docs (DocumentServer)

Undocumented Root Shell Access on SIMCom Modem

Local Privilege Escalation and Default Credentials in MEDICAL OFFICE demo by INDAMED

Multiple Vulnerabilities in eCharge Hardy Barth cPH2 and cPP2 charging stations

Honeywell MB Secure Authenticated Command Injection

Multiple Vulnerabilities in HP Wolf Security Controller / HP Sure Access Enterprise / HP Sure Click Enterprise

Ivanti Endpoint Manager_Local Privilege Escalation via DLL Search Order Hijacking

Multiple Vulnerabilities in Siemens A8000 CP-8050 and CP-8031 PLC

Multiple vulnerabilities in Wattsense Bridge

Wind River Software VxWorks RTOS Weak Password Hashing Algorithms

Reflected Cross-Site Scripting in Numerix License Server Administration System Login

Multiple Critical Vulnerabilities in Image Access Scan2Net

Stored Cross-Site Scripting in Omada Identity

Unlocked JTAG interface and buffer overflow in Siemens SM-2558 Protocol Element (extension module for Siemens SICAM AK3/TM/BC), Siemens CP-2016 & CP-2019

Multiple vulnerabilities in Siemens Energy Omnivise T3000

Vulnerability Lab

We use Cookies

Technically required

Analysis / statistics

Matomo

Targeting / Profiling / Advertising

Google Ads