[prev in list] [next in list] [prev in thread] [next in thread]
List: full-disclosure
Subject: [FD] JanTek JTC-200 Vulnerabilities
From: Karn Ganeshen <karnganeshen () gmail ! com>
Date: 2017-10-28 7:00:48
Message-ID: CAB8+WF0b6KZ=gmDfB5vABSHtcMwrMEw6rPR-_RH=7tPRfGqKTg () mail ! gmail ! com
[Download RAW message or body]
Vendor: JanTek
Equipment: JTC-200
Vulnerabilities: Cross-site Request Forgery, Improper Authentication
Advisory URL:
https://ipositivesecurity.com/2017/10/28/ics-jantek-jtc-200-rs232-net-converter-advisory-published/
ICS-CERT Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-17-283-02
CVE-ID
CVE-2016-5789
CVE-2016-5791
Detailed Proof of Concept:
https://ipositivesecurity.com/2016/07/05/rs232-net-converter-model-jtc-200-multiple-vulnerabilities/
------------------------
AFFECTED PRODUCTS
------------------------
The following versions of JTC-200, a TCP/IP converter, are affected:
JTC-200 all versions.
------------------------
BACKGROUND
------------------------
Critical Infrastructure Sectors: Critical Manufacturing
Countries/Areas Deployed: Europe and Asia
Company Headquarters Location: Taiwan
------------------------
IMPACT
------------------------
Successful exploitation of these vulnerabilities allow for remote code
execution on the device with elevated privileges.
------------------------
VULNERABILITY OVERVIEW
------------------------
CROSS-SITE REQUEST FORGERY (CSRF) CWE-352
An attacker could perform actions with the same permissions as a victim
user, provided the victim has an active session and is induced to trigger
the malicious request.
CVE-2016-5789 has been assigned to this vulnerability. A CVSS v3 base score
of 8.0 has been assigned; the CVSS vector string is
(AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H).
IMPROPER AUTHENTICATION CWE-287
The improper authentication could provide undocumented Busybox Linux shell
accessible over Telnet service without any authentication.
CVE-2016-5791 has been assigned to this vulnerability. A CVSS v3 base score
of 9.8 has been assigned; the CVSS vector string is
(AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
------------------------
Technical Details
------------------------
https://ipositivesecurity.com/2016/07/05/rs232-net-converter-model-jtc-200-multiple-vulnerabilities/
+++++
Best Regards,
Karn Ganeshen
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic