Computrols CBAS-Web 19.0.0 Command Injection

!/usr/bin/env python ''' Computrols CBAS-Web Unauthenticated Remote Command Injection Exploit Affected versions: 19.0.0 and below by Sipke Mellema, 2019 Advisory: https://applied-risk.com/resources/ar-2019-009 Paper: https://applied-risk.com/resources/i-own-your-building-management-system Uses tw...

CBAS-Web 19.0.0 - Remote Code Execution

Exploit Title: CBAS-Web 19.0.0 - Remote Code Execution Google Dork: NA Date: 2019-11-11 Exploit Author: LiquidWorm Vendor Homepage: https://www.computrols.com/capabilities-cbas-web/ Software Link: https://www.computrols.com/building-automation-software/ Version: 19.0.0 Tested on: NA CVE : N/A...

CVE-2019-10853

creationtimestamp| type| source ---|---|--- 2019-05-23 19:48:24+00:00| seen| https://t.me/cvemitreorg/258...

CVE-2019-10853

Computrols CBAS 18.0.0 allows Authentication Bypass...

CVE-2019-10853

CVE-2019-10853 affects Computrols CBAS Web (CBAS Web) and causes an Authentication Bypass via an alternate path/channel in the auth module. Affected software includes CBAS Web versions around 18.0.x and 19.0.x (per Red Hat, NCCIC ICS-CERT, CVE listings). The CVE is rated high (NVD CVSSv3 base sco...