> > Advisory ID: Ph0s-2023-005
> > Product: EnBw - SENEC legacy storage box: V1-V3
> > Manufacturer: SENEC - a part of EnBw
> > Affected Version(s): Firmware: all (as of 2023-06-19)
> > Tested Version(s): current
> > Vulnerability Type: CWE-923: Improper Restriction of Communication
> > Channel to Intended Endpoints
> >
> > Risk Level:
> > CVSS v3.1 Vector:
> > AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L (7.4 High)
> >
> > Manufacturer Risk Level Rating:
> > AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:H/RL:T/RC:C
> > Overall CVSS Score: 7.2
> >
> > Solution Status: Fixed
> > Manufacturer Notification: 2023-06-05
> > Public Disclosure: 2023-11-01
> > CVE Reference: CVE-2023-39171
> > Author of Advisory: Ph0s[4], R0ckE7
> >
> > ********************************************************************************
> >
> > Overview:
> > Foreword:
> > This vulnerability was reported to the enbw-cert. We would like to
> > thank enbw-cert for taking care of the vulns and patching the systems.
> > We decided to publish when most of the reported vulns are patched
> > to make sure nobody is harmed when 3rd parties exploit the mentioned vulns.
> >
> > About Senec:
> > We are SENEC
> >
> > We have been the EnBW energy independence experts since 2018 – but we have
> > put our heart and soul into guiding customers on the route to independence
> > since SENEC was founded in 2009. Our passion lies in actively promoting the
> > energy transition with innovative ideas and pioneering products. And,
> > because we don’t do things by halves, our unwavering ambition is to create
> > integrated solutions that enable you to enjoy the highest possible degree
> > of independence and sustainability through self-generation of solar
> > electricity.
> >
> > About SENEC Home:
> >
> > SENEC.Home: The smart electricity storage device for your home
> >
> > SENEC.Home is the heart of your sustainable, affordable supply of solar
> > electricity. The smart battery storage device stores excess electricity
> > generated by your PV system so that you can use it when you need it – such as
> > when your household’s energy consumption rises in the evening, or on rainy
> > days when your PV system generates less power.
> >
> > ********************************************************************************
> >
> > Vulnerability Details:
> >
> > The management interface of the SENEC.Inverter is publicly accessible via
> > the Internet. This circumstance is recommended by the manufacturer and
> > customers are advised to open the necessary ports to enable remote
> > maintenance. As a result, anyone who manages to detect and successfully
> > exploit security vulnerabilities in SENEC.Inverter, for instance the
> > authors of this report, can access and compromise all devices available
> > on the internet without restrictions. To achieve this, it is possible to
> > use an IoT search engine such as Shodan to automatically obtain an
> > up-to-date list of IP addresses of all devices in just a few seconds.
> >
> > Besides Shodan, there are other IoT search engines such as Censys or
> > ZoomEye to complement the list even further.
> > Consequently, it is very easy for an attacker to develop an exploit script
> > for the automated compromise of all SENEC.Inverter devices, e.g. to
> > simultaneously shut down all appliances or to damage them through a
> > targeted overload. For this purpose, only the hard-coded credentials
> > previously identified in findings CVE-2023-39168 and CVE-2023-39169 need
> > to be used in conjunction with SENEC.Inverter’s built-in API.
> >
> > ********************************************************************************
> >
> > Proof of Concept (PoC):
> >
> > The attack consists of the following steps:
> >
> > 1. Use the Shodan dork to obtain management interfaces.
> >    (no longer valid, patched by manufacturer)
> >
> >    https://www.shodan.io/search?query=http.html%3A<title>SENEC<%2Ftitle%3E
> >
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >
> > Solution:
> > Patched by Manufacturer
> > (Rolled out until September 11, 2023)
> >
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >
> > Disclosure Timeline:
> >
> > 2022-06-01: Vulnerability discovered
> > 2023-06-05: Vulnerability reported to manufacturer
> > 2023-09-11: Patch rollout by manufacturer to affected devices
> > 2023-11-01: Public disclosure of vulnerability
> >
> > ************************************************************************
> >
> > Researcher:
> > Ph0s[4], R0ckE7
> >
> > ************************************************************************
> >
> > Disclaimer:
> >
> > The information provided in this security advisory is provided "as is"
> > and without warranty of any kind. Details of this security advisory may
> > be updated in order to provide as accurate information as possible.
> >
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >
> > Copyright:
> >
> > Creative Commons - Attribution (by) - Version 4.0
> > URL: https://creativecommons.org/licenses/by/4.0/deed.en
> > _______________________________________________
> > Sent through the Full Disclosure mailing list
> > https://nmap.org/mailman/listinfo/fulldisclosure
> > Web Archives & RSS: https://seclists.org/fulldisclosure/
Attachment:
publickey - Phos4Me@proton.me - 0x3F4F673D.asc
Description: application/pgp-keys
Attachment:
signature.asc
Description: OpenPGP digital signature