下面是原始网页http://seclists.org/fulldisclosure/2017/Apr/38的快照。安全客与该网页作者无关,不对其内容负责。 刷新快照
Full Disclosure: Carlo Gavazzi VMUC-EM - Multiple Vulnerabilities
Home page logo

Full Disclosure mailing list archives

Carlo Gavazzi VMUC-EM - Multiple Vulnerabilities
From: Karn Ganeshen <karnganeshen () gmail com>
Date: Thu, 06 Apr 2017 19:43:53 +0000

*VMU-C Web-Server solution for photovoltaic applications*

VMU-C EM is a data logger system for small to medium projects, VMUC-Y EM is
a hardware data aggregator for medium to larger projects and Em2 Server is
a software solution for large projects. They are designed to complement the
extensive line of Carlo Gavazzi energy meters and current transformers.

*ICS-CERT advisory*
https://ics-cert.us-cert.gov/advisories/ICSA-17-012-03

*CVE-IDs*
CVE-2017-5144
CVE-2017-5145
CVE-2017-5146

*Vulnerable versions*

   - VMU-C EM prior to firmware Version A11_U05, and
   - VMU-C PV prior to firmware Version A17


*1. Weak Credentials Management*
-> admin/admin
-> Application does not enforce mandatory password change

*2. Sensitive Information stored in clear-text*
Accounts menu option
⇒ shows username and password
⇒ passwords shown in clear-text
⇒ SMTP server password
⇒ user and service passwords are stored in clear-text

*3. Access Control flaws*

   1. Access control is not enforced correctly
   2. Certain application functions can be accessed without any
   authentication
   3. Application stores the Energy / Plant data in a sqlite database -
   EWPlant.db. Anyone can dump plant database file - without any authentication

*4. Reflected + Stored XSS - multiple URLs, parameters - *Not documented in
ICS-CERT Advisory

Successful exploitation of this vulnerability could allow an
unauthenticated attacker to inject arbitrary JavaScript in a specially
crafted URL request where the response containing user data is returned to
the web browser without being made safe to display.

*5. Vulnerable to Cross-Site Request Forgery*

There is no CSRF Token generated per page and / or per (sensitive)
function. Successful exploitation of this vulnerability can allow silent
execution of unauthorized actions on the device such as configuration
parameter changes, and saving modified configuration.

+++++

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

  By Date           By Thread  

Current thread:
  • Carlo Gavazzi VMUC-EM - Multiple Vulnerabilities Karn Ganeshen (Apr 07)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]