CVE-2019-3702: Remote Code Execution in Lifesize Icon

Overview
Vendor: Lifesize
Product: Lifesize Icon
Version: LS_RM3_3.7.0 (2421)
Vulnerability: Remote Code Execution

Background
LifeSize Icon is a video collaboration platform and consists of various components, e.g. software, video and phone systems. From the vendor’s website: “For more than a decade, Lifesize has been at the forefront of video collaboration...


CVE-2018-18692: Cross-Site Scripting in Semcosoft

Overview
Vendor: SEMCO Software Engineering GmbH
Product: SemcoSoft
Version: 5.3
Vulnerability: Reflected Cross-Site Scripting

Background
SEMCO stands for modern seminar and course management, which supports employees in a time-saving and efficient way in their daily business. It is used in company training, coaching, seminars of any orientation and...


CVE-2018-7298: Downloading Firmware via Plain HTTP in HomeMatic CCU2

Background
HomeMatic is a home automation system consisting of various components for automating several parts of a building, including different sensors and actuators. The HomeMatic CCU2 is a central control unit, which is responsible for integrating these components with each other. From the vendor’s website (eQ-3): “The Homematic Central Control...


CVE-2018-7300: Arbitrary File Upload / Remote Code Execution in HomeMatic CCU2

Background
HomeMatic is a home automation system consisting of various components for automating several parts of a building, including different sensors and actuators. The HomeMatic CCU2 is a central control unit, which is responsible for integrating these components with each other. From the vendor’s website (eQ-3): “The Homematic Central Control...


CVE-2018-7299: Untrusted Addon Installation / Remote Code Execution in HomeMatic CCU2

Background
HomeMatic is a home automation system consisting of various components for automating several parts of a building, including different sensors and actuators. The HomeMatic CCU2 is a central control unit, which is responsible for integrating these components with each other. From the vendor’s website (eQ-3): “The Homematic Central Control...