Security Research
Research Collaboration
I’m interested in exchanging knowledge with fellow security researchers working on:
- Industrial protocol analysis and reverse engineering
- Vulnerability research in ICS/OT systems
- Development of open-source security tools
- Novel attack vectors in critical infrastructure
For speaking invitations or to discuss public research, feel free to reach out via LinkedIn.
Disclaimer
All security research is conducted in my personal capacity, following responsible disclosure practices and applicable laws. Views and research expressed here are my own and do not represent any employer or organization. I do not offer commercial security services or consulting.
CVE Discoveries
Below is a list of CVE (Common Vulnerabilities and Exposures) discoveries I’ve made in industrial control systems and OT products.
CVE-2025-58127
Vendor: Checkmk
Product: Dell Powerscale Plugin
Type: Improper Certificate Validation
Year: 2025
CVE-2025-58126
Vendor: Checkmk
Product: VMware vSAN Plugin
Type: Improper Certificate Validation
Year: 2025
CVE-2025-58125
Vendor: Checkmk
Product: Freebox v6 Agent
Type: Improper Certificate Validation
Year: 2025
CVE-2025-58124
Vendor: Checkmk
Product: check-mk-api Plugin
Type: Improper Certificate Validation
Year: 2025
CVE-2025-58123
Vendor: Checkmk
Product: BGP Monitoring Plugin
Type: Improper Certificate Validation
Year: 2025
CVE-2025-23403
Vendor: Siemens
Product: SIMATIC IPC DiagBase/DiagMonitor
Type: Insecure registry permissions
Year: 2025
CVE-2024-38861
Vendor: Checkmk
Product: Checkmk MikroTik Plugin
Type: Certificate validation bypass
Year: 2024
CVE-2024-35294
Vendor: SCHNEIDER Elektronik GmbH
Product: Series 700
Type: Unauthenticated plaintext credential disclosure
Year: 2024
CVE-2024-35293
Vendor: SCHNEIDER Elektronik GmbH
Product: Series 700
Type: Missing authentication for reboot/erase
Year: 2024
CVE-2023-38641
Vendor: Siemens
Product: SICAM TOOLBOX II
Type: Database service privilege escalation
Year: 2023
Other Security Advisories
CD_SVA_2025_01
Vendor: COPA-DATA
Product: zenon Software Platform
Type: Missing authentication for critical function (CWE-306)
CVSS: 7.5
Description: Remote Transport Service Reboot OS functionality lacks authentication
Year: 2025
E-T-A SEC-2024-2
Vendor: E-T-A Elektrotechnische Apparate GmbH
Product: CPC12 (EC-T1/EN-T1/MB-T1/PN-T1)
Type: Creation of a hidden account possible
Severity: Medium
Description: Account named 'not_available' is invisible in Web UI and cannot be deleted
Year: 2024
E-T-A SEC-2024-1
Vendor: E-T-A Elektrotechnische Apparate GmbH
Product: CPC12 (EC-T1/EN-T1/MB-T1/PN-T1)
Type: Lack of bruteforce protection for the Web UI
Severity: Medium
Description: Unlimited login attempts allowed on Web UI/REST API
Year: 2024
MITRE ATT&CK Contributions
I contribute to the MITRE ATT&CK framework for ICS by documenting real-world adversary techniques and tactics.
T0892 - Change Credential
Tactic: Inhibit Response Function
Description: Adversaries may modify software and device credentials to prevent operator and responder access
Reference: Germany BAS controller incidents - operators locked out via BCU key activation
Platforms: ICS devices including PLCs, RTUs, HMIs, and control servers