Prisma Industriale Checkweigher PrismaWEB 1.21 Authentication Bypass

Title: Prisma Industriale Checkweigher PrismaWEB 1.21 Authentication Bypass
Advisory ID: ZSL-2018-5453
Type: Local/Remote
Impact: DoS, Security Bypass, System Access
Risk: (5/5)
Release Date: 10.03.2018

Summary

Web Administration of Machine.

Description

The vulnerability exists due to the disclosure of hard-coded credentials allowing an attacker to effectively bypass authentication of PrismaWEB with administrator privileges. The credentials can be disclosed by simply navigating to the login_par.js JavaScript page that holds the username and password for the management interface that are being used via the Login() function in /scripts/functions_cookie.js script.

Vendor

Prisma Industriale S.r.l. - <https://www.prismaindustriale.com>

Affected Version

1.0 (Rev 21, EPROM 202FWSAM ??)

Tested On

HMS AnyBus-S WebServer

Vendor Status

[06.02.2018] Vulnerability discovered.
[19.02.2018] Vendor contacted.
[09.03.2018] No response from the vendor.
[10.03.2018] Public security advisory released.

PoC

prismaweb_auth.txt

Credits

Vulnerability discovered by Gjoko Krstic - <[email protected]>

References

[1] <https://exchange.xforce.ibmcloud.com/vulnerabilities/140264&gt;
[2] <https://packetstormsecurity.com/files/146726&gt;
[3] <https://cxsecurity.com/issue/WLB-2018030101&gt;
[4] <https://www.exploit-db.com/exploits/44276/&gt;
[5] <https://vulners.com/cve/CVE-2018-9161&gt;
[6] <https://nvd.nist.gov/vuln/detail/CVE-2018-9161&gt;

Changelog

[10.03.2018] - Initial release
[16.03.2018] - Added reference [1], [2], [3] and [4]
[19.04.2018] - Added reference [5] and [6]

Contact

Zero Science Lab

Web: <http://www.zeroscience.mk>
e-mail: [email protected]