
Operation Technology ETAP 14.1.0 Local Privilege Escalation

Medium
Advisory ID
ZSL-2016-5323
Release Date
22 May 2016
Vendor
Operation Technology, Inc. - http://www.etap.com
Affected Version
14.1.0.0
CVE
N/A
Tested On
Microsoft Windows 7 Professional SP1 (EN) x86_64, Microsoft Windows 7 Ultimate SP1 (EN) x86_64
Summary

Enterprise Software Solution for Electrical Power Systems. ETAP is the most comprehensive electrical engineering software platform for the design, simulation, operation, and automation of generation, transmission, distribution, and industrial systems. As a fully integrated model-driven enterprise solution, ETAP extends from modeling to operation to offer a Real-Time Power Management System.

Description

ETAP suffers from an elevation of privileges vulnerability that lets a simple authenticated user replace the executable file with a binary of their choice. The vulnerability exists due to improper permissions, with the 'C' flag (Change) set for the 'Authenticated Users' group.
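
An added audit example, not part of the original advisory: a Python check that parses cacls/icacls output and reports allow-entries giving broad groups such as 'Authenticated Users' change-level access to an executable. It goes beyond the 'C' flag named above to cover the equivalent icacls tokens; the path C:\Example\app.exe and both sample outputs are constructed for illustration.

```python
import re

# Principals that include ordinary, non-administrative logged-on users.
BROAD = ("Everyone", r"BUILTIN\Users", r"NT AUTHORITY\Authenticated Users",
         r"NT AUTHORITY\INTERACTIVE")
# cacls letters (F, C, W) and icacls tokens that permit replacing the file
# or rewriting its ACL/owner.
WRITE = {"F", "C", "M", "W", "WD", "AD", "GA", "GW", "WDAC", "WO"}

# Matches "<broad trustee>:<rights>" anywhere on a line, so the first line
# (which is prefixed with the file path) needs no special handling.
ACE = re.compile(r"(%s):(\S.*)$" % "|".join(map(re.escape, BROAD)), re.I)

def risky_aces(acl_text):
    """Return [(trustee, [rights])] for allow-ACEs that let a broad group write."""
    findings = []
    for line in acl_text.splitlines():
        m = ACE.search(line)
        if not m:
            continue
        # Split "(ID)C" or "(I)(M,WDAC)" into upper-case tokens.
        tokens = [t.upper() for t in re.findall(r"[A-Za-z]+", m.group(2))]
        if "DENY" in tokens:          # deny entries restrict, they do not grant
            continue
        hits = sorted(set(tokens) & WRITE)
        if hits:
            findings.append((m.group(1), hits))
    return findings

# Constructed sample output in cacls style (hypothetical path).
SAMPLE_CACLS = r"""C:\Example\app.exe BUILTIN\Administrators:(ID)F
                   NT AUTHORITY\SYSTEM:(ID)F
                   BUILTIN\Users:(ID)R
                   NT AUTHORITY\Authenticated Users:(ID)C
"""
# Constructed sample output in icacls style (hypothetical path).
SAMPLE_ICACLS = r"""C:\Example\app.exe NT AUTHORITY\Authenticated Users:(I)(M)
                   BUILTIN\Users:(I)(RX)
                   Everyone:(DENY)(W)
"""

if __name__ == "__main__":
    for name, text in (("cacls", SAMPLE_CACLS), ("icacls", SAMPLE_ICACLS)):
        for trustee, rights in risky_aces(text):
            print("%s: %s has write-capable rights %s" % (name, trustee, rights))
```

Any finding on a program executable means members of that group can swap the binary; the remediation is to reduce the entry to read and execute.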

Proof of Concept
Disclosure Timeline
07.04.2016 - Vulnerabilities discovered.
11.04.2016 - Vendor contacted.
21.05.2016 - No response from the vendor.
22.05.2016 - Public security advisory released.
Credits
Vulnerability discovered by Gjoko Krstic
References
Changelog
22.05.2016 - Initial release
23.05.2016 - Added reference [1], [2] and [3]
25.05.2016 - Added reference [4]
27.05.2016 - Added reference [5]