WebCTRL Out-Of-Band XML Injection

`# (CVE-2018-8819)  
  
## Product Description  
WebCTRL is a BACnet native, intelligent, HVAC and energy control system for  
your building. A proven, industry-leading system, the WebCTRLA(r) building  
automation system gives you the ability to fully understand your operations  
and analyze the results with tools that make sense to you.  
  
## Vulnerability Type  
Out-of-Band (OOB) External Entity Injection (XXE)  
  
## Vulnerability Description  
An OOB XXE issue was discovered in Automated Logic Corporation (ALC)  
WebCTRL versions 6.0, 6.1 and 6.5. The issue can be exploited by adding an  
X-Wap-Profile HTTP header that references an XML payload on an attacker  
controlled system to regular application network communications.  
  
## Exploit  
A proof of concept is available here:  
https://hateshape.github.io/general/2018/06/07/CVE-2018-8819.html  
  
## Versions  
All WebCTRL versions 6.5 prior to cumulative patch #10 for WebCTRL  
All WebCTRL versions 6.1 prior to cumulative patch #9 for WebCTRL  
All WebCTRL versions 6.0 prior to cumulative patch #15 for WebCTRL  
  
## Mitigation(s)  
Apply cumulative patch #11 for WebCTRL for Version 6.5  
Apply cumulative patch #9 for WebCTRL for Version 6.1  
Apply cumulative patch #15 for WebCTRL for Version 6.0  
  
## Attack Type  
Remote, Unauthenticated  
  
## Impact  
The full contents of files, owned by the vulnerable process, on the  
underlying operating system can be exfiltrated by an unauthenticated user.  
  
## Credit  
This vulnerability was discovered by Darrell Damstedt <hateshape () gmail  
com>.  
  
## References  
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8819  
  
  
`