Flaws in Sauter’s moduWEB Vision SCADA product can be exploited by remote attackers to take full control of the product. The flaws were identified by researchers at the vulnerability management company Outpost24.
Sauter is a Switzerland-based company that specializes in building automation and system integration products. moduWEB Vision is a web-based visualization solution designed to allow users to operate and monitor building technologies remotely.
One of the flaws in the product is that, although Sauter tells its users to change the password of the administrator account, there are other default accounts that are not covered in the vendor’s documentation, which leaves them vulnerable to attackers.
The attackers can then reset the system to its default configuration, change the configuration or disable devices, and modify all passwords.
The attackers do not need to crack the hash to access the admin account; instead, they can use it directly to authenticate on the system.
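Why a stored hash can act as the password itself, shown as an added example that is not taken from Sauter's product or Outpost24's research: it assumes a hypothetical login check that compares a client-supplied digest with the stored one, and contrasts it with server-side salted hashing of the submitted password. All function names and the sample account are constructed.

```python
import hashlib
import hmac
import os

# Constructed sample account; not a real moduWEB Vision credential.
_PASSWORD = "correct horse battery"

# Weak design (assumed): the client sends a digest of the password and the
# server compares it with the stored digest. The stored value is therefore
# password-equivalent: whoever reads it can log in without cracking it.
WEAK_DB = {"operator": hashlib.sha256(_PASSWORD.encode()).hexdigest()}

def weak_login(user: str, client_digest: str) -> bool:
    stored = WEAK_DB.get(user)
    return stored is not None and hmac.compare_digest(stored, client_digest)

# Hardened design: the server receives the password (over TLS) and derives a
# salted, slow hash itself. The stored value is only ever an output of the
# derivation, never an accepted input.
def _derive(secret: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 200_000)

def make_record(password: str) -> tuple[bytes, bytes]:
    salt = os.urandom(16)
    return salt, _derive(password, salt)

STRONG_DB = {"operator": make_record(_PASSWORD)}

def strong_login(user: str, submitted: str) -> bool:
    record = STRONG_DB.get(user)
    if record is None:
        return False
    salt, expected = record
    return hmac.compare_digest(expected, _derive(submitted, salt))

def leaked_value_is_credential() -> dict:
    """Replay each stored value as the login secret, as a leak would allow."""
    leaked_weak = WEAK_DB["operator"]
    leaked_strong = STRONG_DB["operator"][1].hex()
    return {
        "weak": weak_login("operator", leaked_weak),        # accepted
        "strong": strong_login("operator", leaked_strong),  # rejected
    }

if __name__ == "__main__":
    print(leaked_value_is_credential())
```
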
The research team found that some of the passwords are transmitted in clear text (CVE-2015-7915) when populating the password field in cases where the “keep me logged in” feature is enabled, but this feature is only enabled in newer versions of the SCADA system.
In addition, the attacker can also leverage a persistent cross-site scripting vulnerability found in the user and events management panels to elevate privileges and execute commands on behalf of an administrator.
Installations of the product are exposed to the internet, which makes it easy to find its flaws, because the product runs on a web server that has specific header information.
The vendor has released version 1.6.0 of the firmware to address the issues, but Outpost24 alleges that some of the vulnerabilities are still left untouched.
The vulnerabilities were reported to the company last year in April.