[STANKOINFORMZASCHITA-10-01] Netbiter® webSCADA multiple vulnerabilities
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: [STANKOINFORMZASCHITA-10-01] Netbiter® webSCADA multiple vulnerabilities
- From: info@xxxxxxxxxxxx
- Date: Fri, 1 Oct 2010 04:19:15 -0600
[STANKOINFORMZASCHITA-10-01] Netbiter® webSCADA - multiple vulnerabilities
Authors: Eugene Salov (eugene@xxxxxxxxxxxx), Andrej Komarov
(komarov@xxxxxxxxxxxx)
Product: Netbiter® webSCADA
CVSS v2 Base Score: 9.0 (AV:N/AC:L/Au:R/C:C/I:C/A:C)
Impact Subscore: 10.0
Exploitability Subscore: 8.0
Availability of exploit: Yes
Product description:
Netbiter® webSCADA (WS100/WS200) is one of the popular products in industrial
automation. It provides remote access to field devices based on MODBUS TCP
over Ethernet, GSM and GPRS channels. The Netbiter is equipped with both
Ethernet and a built-in GSM/GPRS modem for communication with remote equipment.
This means that it can communicate both over an Ethernet LAN and wirelessly
using the built-in modem. In addition, it supports an external GPS receiver to
keep track of its geographical position. The Netbiter solution has an embedded
web server and HMI, which provide management functions that act on detection
of alarms and emergencies, with subsequent notification by SMS, e-mail or the
SNMP protocol.
URL: Intellicom Innovation AB (http://www.intellicom.se)
Vulnerability description:
1. Local File Disclosure (WASC Web Application Threat Classification):
/cgi-bin/read.cgi?page=../../../../../../../../../../../etc/passwd%00
2. Users information disclosure:
/cgi-bin/read.cgi?file=/home/config/users.cfg
3. Upload of malicious code by injecting a specially crafted GIF image when
modifying the logo page:
/cgi-bin/read.cgi?page=config.html&file=/home/config/pages/2.conf&section=PAGE2
The GIF image can conceal malicious code (a «Web-shell»), which can then be
used to manage the SCADA server and execute unauthorized OS commands.
Solution:
There is no security update available for now. It is highly recommended not to
use default passwords for user authorization. In addition, ACLs can be used to
allow access only from trusted hosts. A further safety measure is to deploy
Web Application Firewalls (WAF) and IPS/IDS systems in the area where the
SCADA system is located.
About STC «STANKOINFORMZACHITA»:
Science Technology Center (STC) «STANKOINFORMZACHITA» is the leading Russian
information security company in the sphere of automation and industrial
security, providing information security consulting services, information
security audits, and penetration testing of SCADA and industrial control
systems.
Contact: info@xxxxxxxxxxxx
Russia, Moscow, Bolshaya Bochtovaya st., 26, Business Center
Tel.: +7 (495) 790-16-60
http://itdefence.ru
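
The Solution section recommends WAF and IPS/IDS coverage. The following is an added example, not part of the original advisory or of any vendor tooling, showing detection logic for the read.cgi request patterns listed above, run over web access logs. The Common Log Format input, the rule names, the page=status.html request and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Request line of a Common Log Format entry (the log format is an assumption).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
CGI_PATH = "/cgi-bin/read.cgi"  # endpoint named in the advisory
DOTDOT_RE = re.compile(r"(^|[\\/])\.\.([\\/]|$)")  # ".." as a whole path segment

def classify(uri):
    """Return the set of rule names triggered by one request URI."""
    parts = urlsplit(uri)
    if unquote(parts.path) != CGI_PATH:
        return set()
    hits = set()
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        value = unquote(value)  # second decode normalises double-encoded input
        if DOTDOT_RE.search(value):
            hits.add("traversal")
        if "\x00" in value:
            hits.add("null_byte")
        if name in ("page", "file") and value.startswith("/"):
            hits.add("absolute_path")
        if "/home/config/" in value:
            hits.add("config_read")
    return hits

def scan(lines):
    """Return (client, uri, rule names) for every log line that triggers a rule."""
    findings = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if match and (hits := classify(match.group(1))):
            findings.append((line.split()[0], match.group(1), sorted(hits)))
    return findings

# Constructed sample log lines (addresses from the 192.0.2.0/24 documentation range).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Oct/2010:10:00:01 +0000] "GET /cgi-bin/read.cgi?page=status.html HTTP/1.1" 200 512',
    '192.0.2.77 - - [01/Oct/2010:10:02:13 +0000] "GET /cgi-bin/read.cgi?page=../../../../etc/passwd%00 HTTP/1.1" 200 901',
    '192.0.2.77 - - [01/Oct/2010:10:02:20 +0000] "GET /cgi-bin/read.cgi?file=/home/config/users.cfg HTTP/1.1" 200 300',
    '192.0.2.10 - - [01/Oct/2010:10:05:00 +0000] "GET /index.html HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for client, uri, rules in scan(SAMPLE_LOG):
        print(client, ",".join(rules), uri)
```

Whether the device's own web interface legitimately issues file= requests with absolute paths is not stated in the advisory, so the absolute_path and config_read rules should be checked against a baseline of normal traffic before alerting on them.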