← Advisories

WEG SuperDrive G2 v12.0.0 Insecure File Permissions

Low
Advisory ID
ZSL-2016-5294
Release Date
16 January 2016
Vendor
WEG Group - http://www.weg.net
Affected Version
SuperDrive G2 (v12.0.0 Build 20150930-J1.8.0_60-NB8.0.2), SuperDrive (v7.0.0)
CVE
N/A
Tested On
Microsoft Windows 7 Ultimate SP1 (EN), Microsoft Windows 7 Professional SP1 (EN), Java 1.8.0_60
Summary

SuperDrive is a Windows graph tool for parameter setting, control and monitor of WEG Drives. It permits to edit directly in the drive online parameters, or to edit offline parameter files stored in the microcomputer. It enables you to store parameters of all drives that exist in the installation. The software also incorporates functions enable the upload to the drive of the microcomputer parameters sets as well as the download from the drive to the microcomputer. The communication between drive and microcomputer is realized via RS232 serial interface (point to point) or by RS485 for network linkage.

Description

SuperDrive suffers from an elevation of privileges vulnerability which can be used by a simple authenticated user that can change the executable file with a binary of choice. The vulnerability exist due to the improper permissions, with the 'C' flag (Change) for 'Authenticated Users' group.

Proof of Concept
superdrive_eop.txtTXT
Disclosure Timeline
25.11.2015Vulnerability discovered.
05.12.2015Vendor contacted.
15.01.2016No response from the vendor.
16.01.2016Public security advisory released.
Credits
Vulnerability discovered by Gjoko Krstic
References
[1]https://cxsecurity.com/issue/WLB-2016010101
[2]https://www.exploit-db.com/exploits/39260/
[3]https://packetstormsecurity.com/files/135306
[4]https://exchange.xforce.ibmcloud.com/vulnerabilities/109736
Changelog
16.01.2016Initial release
17.01.2016Added reference [1]
18.01.2016Added reference [2]
19.01.2016Added reference [3]
21.01.2016Added reference [4]