CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
96.5%
Title: Prisma Industriale Checkweigher PrismaWEB 1.21 Authentication Bypass
Advisory ID: ZSL-2018-5453
Type: Local/Remote
Impact: DoS, Security Bypass, System Access
Risk: (5/5)
Release Date: 10.03.2018
Web Administration of Machine.
The vulnerability exists due to the disclosure of hard-coded credentials allowing an attacker to effectively bypass authentication of PrismaWEB with administrator privileges. The credentials can be disclosed by simply navigating to the login_par.js JavaScript page that holds the username and password for the management interface that are being used via the Login() function in /scripts/functions_cookie.js script.
Prisma Industriale S.r.l. - <https://www.prismaindustriale.com>
1.0 (Rev 21, EPROM 202FWSAM ??)
HMS AnyBus-S WebServer
[06.02.2018] Vulnerability discovered.
[19.02.2018] Vendor contacted.
[09.03.2018] No response from the vendor.
[10.03.2018] Public security advisory released.
Vulnerability discovered by Gjoko Krstic - <[email protected]>
[1] <https://exchange.xforce.ibmcloud.com/vulnerabilities/140264>
[2] <https://packetstormsecurity.com/files/146726>
[3] <https://cxsecurity.com/issue/WLB-2018030101>
[4] <https://www.exploit-db.com/exploits/44276/>
[5] <https://vulners.com/cve/CVE-2018-9161>
[6] <https://nvd.nist.gov/vuln/detail/CVE-2018-9161>
[10.03.2018] - Initial release
[16.03.2018] - Added reference [1], [2], [3] and [4]
[19.04.2018] - Added reference [5] and [6]
Zero Science Lab
Web: <http://www.zeroscience.mk>
e-mail: [email protected]
<html><body><p>Prisma Industriale Checkweigher PrismaWEB 1.21 Authentication Bypass
Vendor: Prisma Industriale S.r.l.
Product web page: https://www.prismaindustriale.com
Affected version: 1.0 (Rev 21, EPROM 202FWSAM ??)
Summary: Web Administration of Machine.
Desc: The vulnerability exists due to the disclosure of hard-coded credentials allowing
an attacker to effectively bypass authentication of PrismaWEB with administrator
privileges. The credentials can be disclosed by simply navigating to the login_par.js
JavaScript page that holds the username and password for the management interface that
are being used via the Login() function in /scripts/functions_cookie.js script.
Tested on: HMS AnyBus-S WebServer
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience
Advisory ID: ZSL-2018-5453
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5453.php
06.02.2018
---
$ curl http://10.10.10.70/user/scripts/login_par.js
// JavaScript Document
// 11 Dicembre 2009 Release 1.0 Rev.10
var txtChkUser = "prismaweb"; // Nome utente Login
var txtChkPassword = "prisma"; // Password Login
</p></body></html>
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
96.5%