HackDig : Dig high-quality web security articles for hacker

iniNet SpiderControl PLC Editor Simatic 6.30.04 Insecure File Permissions

2015-12-06 18:45
Title: iniNet SpiderControl PLC Editor Simatic 6.30.04 Insecure File Permissions
Advisory ID: ZSL-2015-5283
Type: Local
Impact: Privilege Escalation
Risk: (2/5)
Release Date: 06.12.2015
Summary
Modular and automated engineering is provided for HMI andSCADA. The tools are developed to join a large range of engineeringmodules together quickly. We modularize our software, as the mechanicsof a system are modularized today. Easy to visualize with a few clicks.
Description
SpiderControl PLC Editor Simatic suffers from an elevation ofprivileges vulnerability which can be used by a simple user that canchange the executable file with a binary of choice. The vulnerabilityexist due to the improper permissions, with the 'F' flag (Full) for'Everyone' group, and 'C' flag (Change) for 'Authenticated Users' groupmaking the entire directory 'PLCEditorSimatic_6300400' and its filesand sub-dirs world-writable.
Vendor
iniNet Solutions GmbH - http://www.spidercontrol.net
Affected Version
6.30.04 (Build 6300400)
Tested On
Microsoft Windows 7 Professional SP1 (EN)
Microsoft Windows 7 Ultimate SP1 (EN)
Vendor Status
[22.10.2015] Vulnerability discovered.
[11.11.2015] Vendor contacted.
[11.11.2015] Vendor responds asking more details.
[11.11.2015] Sent details to the vendor.
[15.11.2015] Asked vendor for status update.
[16.11.2015] Vendor states issues have no impact for customers because they use it in their protected environment.
[06.12.2015] Public security advisory released.
PoC
ininetscpes_insecureperm.txt
Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
References
N/A
Changelog
[06.12.2015] - Initial release
Contact
Zero Science Lab

Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk


Source: php.3825-5102-LSZ/seitilibarenluv/ne/km.ecneicsorez.www

Read:2344 | Comments:0 | Tags:No Tag

“iniNet SpiderControl PLC Editor Simatic 6.30.04 Insecure File Permissions”0 Comments

Submit A Comment

Name:

Email:

Blog :

Verification Code:

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud