HackDig : Dig high-quality web security articles for hackers

Cimetrics BACnet Explorer 4.0 XXE Vulnerability

2017-02-12 15:55
Title: Cimetrics BACnet Explorer 4.0 XXE Vulnerability
Advisory ID: ZSL-2017-5398
Type: Local/Remote
Impact: Exposure of System Information, Exposure of Sensitive Information, DoS
Risk: (3/5)
Release Date: 12.02.2017
Summary
The BACnet Explorer is a BACnet client application that helps auto discover BACnet devices.
Description
BACnetExplorer suffers from an XML External Entity (XXE) vulnerability using the DTD parameter entities technique, resulting in disclosure and retrieval of arbitrary data on the affected node via an out-of-band (OOB) attack. The vulnerability is triggered when input passed to the XML parser is not sanitized while parsing the XML project file.
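The mitigation for this class of bug is to refuse any DTD in a project file before it reaches the real parser. The sketch below is an added example in Python, not code from the advisory or from Cimetrics; the function names and the sample project markup are assumptions, since the page does not show the product's file format or parser.

```python
import xml.etree.ElementTree as ET
from xml.parsers import expat


class ForbiddenXml(ValueError):
    """Raised when a project file carries a DTD or entity declaration."""


def _reject(kind):
    def handler(*_args):
        raise ForbiddenXml(f"{kind} not allowed in project files")
    return handler


def check_no_dtd(data: bytes) -> None:
    """Scan with expat and fail on the first DTD construct encountered."""
    parser = expat.ParserCreate()
    # Parameter entities and external subsets can only be declared in a DOCTYPE,
    # so rejecting the DOCTYPE removes the whole technique, not one payload.
    parser.StartDoctypeDeclHandler = _reject("DOCTYPE")
    parser.EntityDeclHandler = _reject("entity declaration")
    parser.UnparsedEntityDeclHandler = _reject("unparsed entity")
    parser.ExternalEntityRefHandler = _reject("external entity reference")
    parser.Parse(data, True)


def is_rejected(data: bytes) -> bool:
    """True when the file would be refused because of a DTD construct."""
    try:
        check_no_dtd(data)
    except ForbiddenXml:
        return True
    return False


def load_project(data: bytes) -> ET.Element:
    """Parse a project file only after it has passed the DTD check."""
    check_no_dtd(data)
    return ET.fromstring(data)


# Constructed samples (hypothetical markup, not the real project schema).
CLEAN = b'<?xml version="1.0"?><project><device id="1"/></project>'
WITH_DTD = (b'<?xml version="1.0"?>'
            b'<!DOCTYPE project [<!ENTITY % ext SYSTEM "http://example.invalid/x.dtd">]>'
            b'<project/>')
```

Malformed XML still raises `expat.ExpatError`, so callers should treat both exceptions as a refusal to open the file.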
Vendor
Cimetrics, Inc. - https://www.cimetrics.com
Affected Version
4.0.0.0
Tested On
Microsoft Windows 7 Professional SP1 (EN)
Microsoft Windows 7 Ultimate SP1 (EN)
Vendor Status
[30.01.2017] Vulnerability discovered.
[31.01.2017] Vendor contacted.
[11.02.2017] No reply from the vendor.
[12.02.2017] Public security advisory released.
PoC
bacnetexplorer_xxe.txt
Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
References
N/A
Changelog
[12.02.2017] - Initial release
Contact
Zero Science Lab

Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk


Source: www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5398.php
