Zero Science Lab » Prisma Industriale Checkweigher PrismaWEB 1.21 Authentication Bypass

Prisma Industriale Checkweigher PrismaWEB 1.21 Authentication Bypass

Title: Prisma Industriale Checkweigher PrismaWEB 1.21 Authentication Bypass
Advisory ID: ZSL-2018-5453
Type: Local/Remote
Impact: DoS, Security Bypass, System Access
Risk: (5/5)
Release Date: 10.03.2018

Summary

Web Administration of Machine.

Description

The vulnerability exists due to the disclosure of hard-coded credentials allowing an attacker to effectively bypass authentication of PrismaWEB with administrator privileges. The credentials can be disclosed by simply navigating to the login_par.js JavaScript page that holds the username and password for the management interface that are being used via the Login() function in /scripts/functions_cookie.js script.

Vendor

Prisma Industriale S.r.l. - https://www.prismaindustriale.com

Affected Version

1.0 (Rev 21, EPROM 202FWSAM ??)

Tested On

HMS AnyBus-S WebServer

Vendor Status

[06.02.2018] Vulnerability discovered.
[19.02.2018] Vendor contacted.
[09.03.2018] No response from the vendor.
[10.03.2018] Public security advisory released.

PoC

prismaweb_auth.txt

Credits

Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>

References

[1] https://exchange.xforce.ibmcloud.com/vulnerabilities/140264
[2] https://packetstormsecurity.com/files/146726
[3] https://cxsecurity.com/issue/WLB-2018030101
[4] https://www.exploit-db.com/exploits/44276/
[5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9161
[6] https://nvd.nist.gov/vuln/detail/CVE-2018-9161

Changelog

[10.03.2018] - Initial release
[16.03.2018] - Added reference [1], [2], [3] and [4]
[19.04.2018] - Added reference [5] and [6]

Contact

Zero Science Lab

Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk