← Advisories

Prisma Industriale Checkweigher PrismaWEB 1.21 Authentication Bypass

Critical
Advisory ID
ZSL-2018-5453
Release Date
10 March 2018
Vendor
Prisma Industriale S.r.l. - https://www.prismaindustriale.com
Affected Version
1.0 (Rev 21, EPROM 202FWSAM ??)
CVE
CVE-2018-9161
Tested On
HMS AnyBus-S WebServer
Summary

Web Administration of Machine.

Description

The vulnerability exists due to the disclosure of hard-coded credentials allowing an attacker to effectively bypass authentication of PrismaWEB with administrator privileges. The credentials can be disclosed by simply navigating to the login_par.js JavaScript page that holds the username and password for the management interface that are being used via the Login() function in /scripts/functions_cookie.js script.

Proof of Concept
prismaweb_auth.txtTXT
Disclosure Timeline
06.02.2018Vulnerability discovered.
19.02.2018Vendor contacted.
09.03.2018No response from the vendor.
10.03.2018Public security advisory released.
Credits
Vulnerability discovered by Gjoko Krstic
References
[1]https://exchange.xforce.ibmcloud.com/vulnerabilities/140264
[2]https://packetstormsecurity.com/files/146726
[3]https://cxsecurity.com/issue/WLB-2018030101
[4]https://www.exploit-db.com/exploits/44276/
[5]http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9161
[6]https://nvd.nist.gov/vuln/detail/CVE-2018-9161
Changelog
10.03.2018Initial release
16.03.2018Added reference [1], [2], [3] and [4]
19.04.2018Added reference [5] and [6]