> > Advisory ID: Ph0s-2023-004
> > Product: EnBw - SENEC legacy storage box: V1-V3
> > Manufacturer: SENEC - a part of EnBw
> > Affected Version(s): Firmware: all (as of 2023-06-19)
> > Tested Version(s): current
> > Vulnerability Type: CWE-319: Cleartext Transmission of Sensitive Information
> >
> > Risk Level:
> > CVSS v3.1 Vector:
> > AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N (8.1 High)
> >
> > Manufacturer Risk Level Rating:
> > AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L/E:F/RL:U/RC:C
> > Overall CVSS Score: 7.4
> >
> > Solution Status: Fixed
> > Manufacturer Notification: 2023-06-05
> > Public Disclosure: 2023-11-01
> > CVE Reference: CVE-2023-39172
> > Author of Advisory: Ph0s[4], R0ckE7
> >
> > ********************************************************************************
> >
> > Overview:
> > Foreword:
> > This vulnerability was reported to the enbw-cert. We would like to
> > thank enbw-cert for taking care of the vulns and patching the systems.
> > We decided to publish when most of the reported vulns are patched
> > to make sure nobody is harmed when third parties exploit the mentioned vulns.
> >
> > About Senec:
> > We are SENEC
> >
> > We have been the EnBW energy independence experts since 2018 – but we have
> > put our heart and soul into guiding customers on the route to independence
> > since SENEC was founded in 2009. Our passion lies in actively promoting the
> > energy transition with innovative ideas and pioneering products. And,
> > because we don’t do things by halves, our unwavering ambition is to create
> > integrated solutions that enable you to enjoy the highest possible degree
> > of independence and sustainability through self-generation of solar
> > electricity.
> >
> > About SENEC Home:
> >
> > SENEC.Home: The smart electricity storage device for your home
> >
> > SENEC.Home is the heart of your sustainable, affordable supply of solar
> > electricity. The smart battery storage device stores excess electricity
> > generated by your PV system so that you can use it when you need it – such
> > as when your household’s energy consumption rises in the evening, or on
> > rainy days when your PV system generates less power.
> >
> > ********************************************************************************
> >
> > Vulnerability Details:
> >
> > The management interface of the SENEC.Inverter transmits security-critical
> > data (authentication credentials) in cleartext in a communication channel
> > that can be sniffed by unauthorized actors. For example, in networking,
> > packets can traverse many intermediary nodes from the source to the
> > destination, whether across the internet or an internal network. Some
> > actors might have privileged access to a network interface or any link
> > along the channel, such as a router. As a result, network traffic could be
> > sniffed by adversaries, spilling security-critical data.
> > Incidentally, this refers not only to remote maintenance of the photovoltaic
> > system, but also to on-site configuration by a technician at the customer’s
> > premises. Due to the lack of transport encryption, a technically skilled
> > customer is therefore also able to gather authentication credentials by
> > intercepting network traffic, e.g. at the central network gateway.
> >
> > ********************************************************************************
> >
> > Proof of Concept (PoC):
> >
> > n/a, simply sniff the network
> >
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >
> > Solution:
> > Patched by Manufacturer
> > (Rolled out until September 11, 2023)
> >
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >
> > Disclosure Timeline:
> >
> > 2022-06-01: Vulnerability discovered
> > 2023-06-05: Vulnerability reported to manufacturer
> > 2023-09-11: Patch rollout by manufacturer to affected devices
> > 2023-11-01: Public disclosure of vulnerability
> >
> > ************************************************************************
> >
> > Researcher:
> > Ph0s[4], R0ckE7
> >
> > ************************************************************************
> >
> > Disclaimer:
> >
> > The information provided in this security advisory is provided "as is"
> > and without warranty of any kind. Details of this security advisory may
> > be updated in order to provide as accurate information as possible.
> >
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >
> > Copyright:
> >
> > Creative Commons - Attribution (by) - Version 4.0
> > URL: https://creativecommons.org/licenses/by/4.0/deed.en
> > _______________________________________________
> > Sent through the Full Disclosure mailing list
> > https://nmap.org/mailman/listinfo/fulldisclosure
> > Web Archives & RSS: https://seclists.org/fulldisclosure/
Attachment:
publickey - Phos4Me@proton.me - 0x3F4F673D.asc
Description: application/pgp-keys
Attachment:
signature.asc
Description: OpenPGP digital signature
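
A defender-side check for the exposure described in the advisory, added here as an example and not part of the original advisory or the manufacturer's code: it audits captured HTTP/1.x requests for credential-bearing fields sent without TLS and reports field names only, never values. The advisory does not name the management interface's protocol, so HTTP, the `SENSITIVE` name list, the function names and the sample requests are assumptions constructed for illustration.

```python
from urllib.parse import parse_qsl, urlsplit

# Parameter names treated as credential-bearing (assumed list; extend per device).
SENSITIVE = {"password", "passwd", "pass", "pwd", "secret", "token", "pin"}

def audit_request(raw: bytes, tls: bool) -> list:
    """Findings for one HTTP/1.x request; secret values are never echoed."""
    if tls:
        return []  # encrypted in transit, so not a CWE-319 exposure
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3:
        return ["unparseable request line"]
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    findings = []
    if "authorization" in headers:
        scheme = headers["authorization"].split(" ", 1)[0]
        findings.append(f"header:authorization ({scheme})")
    if "cookie" in headers:
        findings.append("header:cookie")
    params = [("query", k) for k, _ in parse_qsl(urlsplit(parts[1]).query, keep_blank_values=True)]
    if headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
        params += [("form", k) for k, _ in parse_qsl(body.decode("latin-1"), keep_blank_values=True)]
    findings += [f"{where}:{k}" for where, k in params if k.lower() in SENSITIVE]
    return findings

# Constructed sample traffic (documentation address, placeholder secrets).
LOGIN = (b"POST /login HTTP/1.1\r\nHost: 192.0.2.10\r\n"
         b"Content-Type: application/x-www-form-urlencoded\r\n"
         b"Content-Length: 31\r\n\r\nuser=installer&password=EXAMPLE")
SAMPLES = [
    (False, LOGIN),
    (False, b"GET /status?token=EXAMPLE HTTP/1.1\r\nHost: 192.0.2.10\r\n"
            b"Authorization: Basic RVhBTVBMRQ==\r\n\r\n"),
    (True, LOGIN),
    (False, b"GET /index.html HTTP/1.1\r\nHost: 192.0.2.10\r\n\r\n"),
]

def audit_capture(samples):
    """Map sample index -> findings, keeping only requests with exposures."""
    return {i: f for i, (tls, raw) in enumerate(samples) if (f := audit_request(raw, tls))}

if __name__ == "__main__":
    for index, findings in audit_capture(SAMPLES).items():
        print(index, findings)
```

The same login request produces no finding once it is carried over TLS, which is the condition a patched device should meet on every management path, including on-site configuration.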