HackDig : Dig high-quality web security articles for hackers

Soitec SmartEnergy 1.4 SCADA Login SQL Injection Authentication Bypass Exploit

2014-12-14 17:20
Title: Soitec SmartEnergy 1.4 SCADA Login SQL Injection Authentication Bypass Exploit
Advisory ID: ZSL-2014-5216
Type: Local/Remote
Impact: Security Bypass, Exposure of Sensitive Information
Risk: (3/5)
Release Date: 14.12.2014
Summary
Soitec power plants are a profitable and ecological investment at the same time. Using Concentrix technology, Soitec offers a reliable, proven, cost-effective and bankable solution for energy generation in the sunniest regions of the world. The application shows how Concentrix technology works on the major power plants managed by Soitec around the world. You will be able to see for each power plant instantaneous production, current weather condition, 3 day weather forecast, power plant webcam and production data history.
Description
Soitec SmartEnergy web application suffers from an authentication bypass vulnerability using SQL Injection attack in the login script. The script fails to sanitize the 'login' POST parameter allowing the attacker to bypass the security mechanism and view sensitive information that can be further used in a social engineering attack.
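The defect described above is the classic pattern of an untrusted request parameter being spliced into the SQL text of the login query. The following is an added illustration, not code from the advisory or from the SmartEnergy application (whose language, table and column names are unknown and are assumed here): a login check that builds its query by string formatting, next to the corrected form that binds the parameters, plus a small log-side check that flags login values carrying SQL metacharacters so that attempts can be alerted on even where the fix is already deployed. The in-memory SQLite table and the test payload are constructed for the example.

```python
import hashlib
import hmac
import sqlite3


def sha256(s: str) -> str:
    # Stand-in password hash for the example only; a real system should use a
    # slow, salted scheme (e.g. bcrypt/scrypt/argon2), which is not the point here.
    return hashlib.sha256(s.encode()).hexdigest()


def make_db() -> sqlite3.Connection:
    # Constructed in-memory user store; table/column names are assumptions.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (login TEXT PRIMARY KEY, pw_hash TEXT)")
    conn.execute("INSERT INTO users VALUES (?, ?)", ("operator", sha256("correct horse")))
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, login: str, password: str):
    # The weak pattern: the POST 'login' value becomes part of the SQL text, so a
    # quote inside it changes the statement instead of being compared as data.
    query = ("SELECT login FROM users WHERE login = '%s' AND pw_hash = '%s'"
             % (login, sha256(password)))
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_fixed(conn: sqlite3.Connection, login: str, password: str):
    # Corrected form: bound parameters travel separately from the statement, so
    # the login value can only ever be matched as a literal string. The password
    # hash is compared in constant time on the application side.
    row = conn.execute(
        "SELECT login, pw_hash FROM users WHERE login = ?", (login,)).fetchone()
    if row is None or not hmac.compare_digest(row[1], sha256(password)):
        return None
    return row[0]


def suspicious_login_value(value: str) -> bool:
    # Detection aid for request logs / WAF alerting, not a substitute for the
    # parameterized query above: account names normally contain none of these.
    markers = ("'", '"', "--", ";", "/*", "*/")
    return any(m in value for m in markers)


if __name__ == "__main__":
    db = make_db()
    # Constructed textbook tautology payload; the advisory's own PoC is not reproduced here.
    payload = "' OR 1=1 --"
    print("vulnerable, bogus password:", login_vulnerable(db, payload, "anything"))
    print("fixed, bogus password:     ", login_fixed(db, payload, "anything"))
    print("fixed, real credentials:   ", login_fixed(db, "operator", "correct horse"))
    print("flagged for review:        ", suspicious_login_value(payload))
```

Running it shows the vulnerable function returning the 'operator' account for a request that never supplied a valid password, while the parameterized version returns None for the same input and still authenticates the genuine credentials. The `suspicious_login_value` check is deliberately conservative: it exists to surface attempts in logs, because filtering characters at the edge is what the vulnerable script was supposed to do and is exactly the approach that fails; the binding of parameters is the fix.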
Vendor
Soitec - http://www.soitec.com
Affected Version
1.4 and 1.3
Tested On
nginx/1.6.2
Vendor Status
[16.11.2014] Vulnerability discovered.
[02.12.2014] Vendor contacted.
[08.12.2014] Vendor responds asking more details.
[08.12.2014] Sent details to the vendor.
[09.12.2014] Vendor confirms the vulnerability.
[12.12.2014] Vendor applies fix to version 1.4.
[14.12.2014] Coordinated public security advisory released.
PoC
smartenergy_sqli.txt
Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
References
[1] http://smartenergy.soitec.com
[2] http://cxsecurity.com/issue/WLB-2014120086
Changelog
[14.12.2014] - Initial release
Contact
Zero Science Lab

Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk


Source: www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5216.php
