what you don't know can hurt you

HMS Netbiter WS100 3.30.5 Cross Site Scripting

HMS Netbiter WS100 3.30.5 Cross Site Scripting
Posted Jan 13, 2019
Authored by Micha Borrmann

HMS Netbiter WS100 versions 3.30.5 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-19694
MD5 | 4c33dddf7eecb5e75d363ffe7b63d308

HMS Netbiter WS100 3.30.5 Cross Site Scripting

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Advisory ID: SYSS-2018-042
Product: Netbiter WS100
Manufacturer: HMS Industrial Networks AB
Affected Version(s): 3.30.5 <=
Tested Version(s): 3.30.5
Vulnerability Type: Cross-Site Scripting (CWE-79)
Risk Level: Low
Solution Status: Fixed
Manufacturer Notification: 2018-11-29
Solution Date: 2018-12-20
Public Disclosure: 2019-01-11
CVE Reference: CVE-2018-19694
Authors of Advisory: Micha Borrmann (SySS GmbH)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Overview:

Netbiter WS100 is a remote management solution for industrial control
(e.g. emergency generators) (see [1]).

Due to improper input validation, the web-based remote management
solution is vulnerable to reflected cross-site scripting attacks.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Vulnerability Details:

The login form reflects values from parameters without any kind of
filtering or escaping.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Proof of Concept (PoC):

The following attack vector exemplarily demonstrates the described
reflected cross-site scripting vulnerability:

http://$TARGET/cgi-bin/write.cgi?page=%22;document.write(%27%3Ch1%3EXSS%20Demonstration%3C/h1%3E%27)//

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Solution:

Install the provided security patch (see [2]).

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Disclosure Timeline:

2018-11-29: Detection of the vulnerability
2018-11-29: CVE number assigned
2018-12-03: Vulnerability reported to manufacturer
2018-12-20: Security patch was released from the vendor
2019-01-11: Public release of the security advisory

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

References:
[1] Product web site
https://www.netbiter.com/support/file-doc-downloads/netbiter-ws100
[2] HMS Security Advisory Report HMSSAR-2018-12-04-001
https://www.hms-networks.com/docs/librariesprovider6/cybersecurity/hms-security-advisory-2018-12-04-001-ec150-ec250-lc310-lc350-ws100-ws200-cve-2018-19694.pdf
[3] SySS Security Advisory SYSS-2018-042
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-042.txt
[4] SySS Responsible Disclosure Policy
https://www.syss.de/en/responsible-disclosure-policy/

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Credits:

This security vulnerability was found by Micha Borrmann of SySS GmbH.

E-Mail: micha.borrmann (at) syss.de
Public Key: https://www.syss.de/fileadmin/dokumente/PGPKeys/Micha_Borrmann.asc
Key Fingerprint: F2E7 C6A5 9950 84ED 7AD6 0DD4 EDBE 26E7 14EA 5876

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Disclaimer:

The information provided in this security advisory is provided "as is"
and without warranty of any kind. Details of this security advisory
may be updated in order to provide as accurate information as
possible. The latest version of this security advisory is available on
the SySS Web site.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Copyright:

Creative Commons - Attribution (by) - Version 3.0
URL: http://creativecommons.org/licenses/by/3.0/deed.en
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEE8ufGpZlQhO161g3U7b4m5xTqWHYFAlw4ozcACgkQ7b4m5xTq
WHbO4g//eCR/3uDF5Kr8G5Iybj8SkDbZVtkvvgX6E4NWKUEYC43F2buLtDqeei7k
CiELScdzz7n0SDhmbZLG9NT5Luo9Uu62bDfVejm9c6zLug0VftvX280HyPK51oxf
c3lX7mo5ZClq+Uj0UW/Pr4yZHhTEipySpRAOa1IM2VQqSN2tGThD/IOycZa3FmaL
qk5h+H+hIZKBhFGuowFhNULouP076l6ib66K/v6yXTO6BkcHNiHToUAWkoRuQ0rB
LEikXeAZqmv7DfKRwLhGJWzga4YDOQN0BCoVDtEzgpgf3ogyvwNMKnq5WxylfLn/
T2q8w4jvCmoPtQPRtW1IHGloMngso9O1bXBKzLAbS4EP/RJYzI8iazKVr7x9gpv0
7bw9+lQ9McMLLAiGgkJgMcWOjtaZpB+T5XegVbTjk/4g3kP6XCY8ZA4cvqxQ/QM5
4X5m5bk48ZW/agIqB+a8LzQdtQhFhITZ62eLO13Qmq7vEdIhTx6I1LmIIcICelyQ
pY0aRtMcXePGZOSiO/gqO50L1giA4BjwUOtSekvpt0XP/D4thruUajEK+4hnvazP
eX9bzseBj5gkaYGEBkj3adKK/AK9GALCwhj4UMvSlUA7uhMRUDZxErCZwUrVt9xB
TM0wQddZ5TFCWy22WONVd2+I53WqU+FZbP/Ygv+S0o22nHM++4E=
=TBoG
-----END PGP SIGNATURE-----

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

February 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    1 Files
  • 2
    Feb 2nd
    2 Files
  • 3
    Feb 3rd
    17 Files
  • 4
    Feb 4th
    15 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    16 Files
  • 7
    Feb 7th
    19 Files
  • 8
    Feb 8th
    1 Files
  • 9
    Feb 9th
    2 Files
  • 10
    Feb 10th
    15 Files
  • 11
    Feb 11th
    20 Files
  • 12
    Feb 12th
    12 Files
  • 13
    Feb 13th
    18 Files
  • 14
    Feb 14th
    17 Files
  • 15
    Feb 15th
    4 Files
  • 16
    Feb 16th
    4 Files
  • 17
    Feb 17th
    34 Files
  • 18
    Feb 18th
    15 Files
  • 19
    Feb 19th
    19 Files
  • 20
    Feb 20th
    20 Files
  • 21
    Feb 21st
    15 Files
  • 22
    Feb 22nd
    2 Files
  • 23
    Feb 23rd
    2 Files
  • 24
    Feb 24th
    16 Files
  • 25
    Feb 25th
    37 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files
  • 29
    Feb 29th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close