Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

[STANKOINFORMZASCHITA-10-01] Netbiter® webSCADA multiple vulnerabilities

From: info () itdefence ru
Date: Fri, 1 Oct 2010 04:19:15 -0600
[STANKOINFORMZASCHITA-10-01] Netbiter® webSCADA – multiple vulnerabilities 

Authors: Eugene Salov (eugene () itdefence ru), Andrej Komarov (komarov () itdefence ru) 
Product: Netbiter® webSCADA 
CVSS v2 Base Score: 9.0 (AV:N/AC:L/Au:R/C:C/I:C/A:C)
Impact Subscore: 10.0
Exploitability Subscore: 8.0
Availability of exploit: Yes

Product description:
Netbiter® webSCADA (WS100/WS200) is one of polular products in industrial automation, allowing to organize remote 
access to field devices based on MODBUS TCP through Ethernet, GSM, GPRS channels. The Netbiter is equipped with both 
Ethernet and a built-in GSM/GPRS modem for communication to remote equipment. This means that it can both communicate 
over an Ethernet LAN and wireless using the built-in modem. In addition it also supports an external GPS receiver to 
keep track of its geographical position. Netbiter solution had embedded WEB-server and HMI, which provides management 
functions by operations on detection of alarms and emergencies with the subsequent notification by SMS, E-mail, SNMP 
protocol.
URL: Intellicom Innovation AB (http://www.intellicom.se)

Vulnerability description:
1. Local File Disclosure (WASC Web Application Threat Classification):
/cgi-bin/read.cgi?page=../../../../../../../../../../../etc/passwd%00

2. Users information disclosure:
/cgi-bin/read.cgi?file=/home/config/users.cfg

3. An opportunity of malware code uploading by injection of special crafted GIF-image on the logo page modifying:
/cgi-bin/read.cgi?page=config.html&file=/home/config/pages/2.conf&section=PAGE2
 
In the context of GIF-image can be hidden special malware code («Web-shell»), which will be used for SCADA server 
management and unauthorized OS commands execution.

Solution:
There is no available security update for now. It is highly recommended not to use default passwords for user 
authorization. Moreover, additionally you can use ACL lists for allowing access only from trusted hosts. Another 
additional mesaure of safety is using of Web Application Firewalls (WAF) and IPS/IDS systems in the area where SCADA 
system is located. 

About STC «STANKOINFORMZACHITA»:
Science Technology Center (STC) «STANKOINFORMZACHITA» is the leading russian information security company in sphere of 
automation and industrial security, providing information security consulting services, information security audit, 
penetration tesing of SCADA and industrial control systems. 

Contact: info () itdefence ru
Russia, Moscow, Bolshaya Bochtovaya st., 26, Business Center
Tel.: +7 (495) 790-16-60
http://itdefence.ru
Previous By Date Next
Previous By Thread Next

Current thread: