Soitec SmartEnergy 1.4 SCADA Login SQL Injection Authentication Bypass Exploit

Title: Soitec SmartEnergy 1.4 SCADA Login SQL Injection Authentication Bypass Exploit
Advisory ID: ZSL-2014-5216
Type: Local/Remote
Impact: Security Bypass, Exposure of Sensitive Information
Risk: (3/5)
Release Date: 14.12.2014
Summary
Soitec power plants are a profitable and ecological investment at the same time. Using Concentrix technology, Soitec offers a reliable, proven, cost-effective and bankable solution for energy generation in the sunniest regions of the world. The application shows how Concentrix technology works on the major powerplants managed by Soitec around the world. You will be able to see for each powerplant instantaneous production, current weather condition, 3-day weather forecast, powerplant webcam and production data history.
Description
The Soitec SmartEnergy web application suffers from an authentication bypass vulnerability caused by SQL injection in the login script. The script fails to sanitize the 'login' POST parameter, allowing an attacker to bypass the security mechanism and view sensitive information that can be further used in a social engineering attack.
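The flaw class described above, shown as an added example that is not the vendor's code or the advisory's PoC: a login check that concatenates the 'login' value into the query, beside a version that binds it as a parameter. The schema, account, function names and crafted input are all constructed for illustration.

```python
import hashlib
import hmac
import sqlite3

# Constructed schema and account: the advisory does not publish the application's own.
DEMO_SALT = b"constructed-demo-salt"  # fixed salt keeps the sample short; use a per-user salt in practice

def hash_pw(password: str) -> str:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), DEMO_SALT, 100_000).hex()

def make_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (login TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)")
    db.execute("INSERT INTO users VALUES (?, ?)", ("operator", hash_pw("correct horse")))
    return db

def login_vulnerable(db: sqlite3.Connection, login: str, password: str) -> bool:
    # Flaw class from the advisory: the 'login' value is pasted into the SQL text,
    # so a quote character in it ends the string literal and rewrites the WHERE clause.
    sql = ("SELECT 1 FROM users WHERE login = '" + login +
           "' AND pw_hash = '" + hash_pw(password) + "'")
    return db.execute(sql).fetchone() is not None

def login_hardened(db: sqlite3.Connection, login: str, password: str) -> bool:
    # Bound parameter: the driver passes 'login' as data, never as SQL syntax.
    row = db.execute("SELECT pw_hash FROM users WHERE login = ?", (login,)).fetchone()
    if row is None:
        return False
    # The accept/reject decision is made in code with a constant-time comparison.
    return hmac.compare_digest(row[0], hash_pw(password))

def regression_check() -> dict:
    db = make_db()
    crafted = "operator' --"  # constructed input: quote plus SQL comment marker
    return {
        "vulnerable_accepts_crafted": login_vulnerable(db, crafted, "wrong"),
        "hardened_accepts_crafted": login_hardened(db, crafted, "wrong"),
        "hardened_accepts_valid": login_hardened(db, "operator", "correct horse"),
        "hardened_rejects_bad_pw": not login_hardened(db, "operator", "wrong"),
    }

if __name__ == "__main__":
    print(regression_check())
```

A check like regression_check() can be kept as a unit test so that a later change reintroducing string-built SQL in the login path fails the build.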
Vendor
Soitec - http://www.soitec.com
Affected Version
1.4 and 1.3
Tested On
nginx/1.6.2
Vendor Status
[16.11.2014] Vulnerability discovered.
[02.12.2014] Vendor contacted.
[08.12.2014] Vendor responds asking for more details.
[08.12.2014] Sent details to the vendor.
[09.12.2014] Vendor confirms the vulnerability.
[12.12.2014] Vendor applies fix to version 1.4.
[14.12.2014] Coordinated public security advisory released.
PoC
smartenergy_sqli.txt
Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
References
[1] http://smartenergy.soitec.com
[2] http://cxsecurity.com/issue/WLB-2014120086
[3] http://www.exploit-db.com/exploits/35529/
[4] http://packetstormsecurity.com/files/129588
[5] http://osvdb.org/show/osvdb/115958
[6] http://xforce.iss.net/xforce/xfdb/99356
Changelog
[14.12.2014] - Initial release
[15.12.2014] - Added reference [3]
[16.12.2014] - Added reference [4]
[17.12.2014] - Added reference [5]
[27.12.2014] - Added reference [6]
Contact
Zero Science Lab

Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk