
NREL BEopt 2.8.0 Insecure Library Loading Arbitrary Code Execution

High
Advisory ID
ZSL-2019-5513
Release Date
09 March 2019
Vendor
Affected Version
2.8.0.0, 2.7.0.0, 2.6.0.1
Tested On
Microsoft Windows 7 Ultimate SP1 (EN)
Summary

The BEopt™ (Building Energy Optimization Tool) software provides capabilities to evaluate residential building designs and identify cost-optimal efficiency packages at various levels of whole-house energy savings along the path to zero net energy.

Description

BEopt suffers from a DLL hijacking issue. The vulnerability is caused by the application loading libraries (sdl2.dll and libegl.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into opening a related application file (.BEopt) located on a remote WebDAV or SMB share.
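
A detection sketch for the load pattern described above, added here as an example and not part of the original advisory: it flags loads of the two named DLLs from a UNC (SMB/WebDAV) path or from a directory that is neither the executable's own nor under the Windows directory. The `Image`/`ImageLoaded` field names are modelled on Sysmon image-load events (Event ID 7); the install path, host names and `C:\Windows` location are constructed placeholders.

```python
import ntpath

# DLL names come from the advisory; everything else here is an assumption.
WATCHED_DLLS = {"sdl2.dll", "libegl.dll"}
SYSTEM_ROOT = ntpath.normcase(r"C:\Windows")  # assumed Windows directory


def is_remote(path):
    """UNC paths are how SMB and WebDAV shares appear in a load path."""
    drive, _ = ntpath.splitdrive(path)
    return drive.startswith("\\\\")


def classify_load(image, image_loaded):
    """Return a finding label for a suspicious load of a watched DLL, else None."""
    dll = ntpath.normcase(image_loaded)
    if ntpath.basename(dll) not in WATCHED_DLLS:
        return None
    if is_remote(dll):
        return "remote-share"
    dll_dir = ntpath.dirname(dll)
    exe_dir = ntpath.dirname(ntpath.normcase(image))
    if dll_dir == exe_dir or dll_dir.startswith(SYSTEM_ROOT + "\\"):
        return None
    return "unexpected-directory"


def scan(events):
    """Return (label, process image, loaded path) for every flagged event."""
    findings = []
    for ev in events:
        label = classify_load(ev["Image"], ev["ImageLoaded"])
        if label:
            findings.append((label, ev["Image"], ev["ImageLoaded"]))
    return findings


# Constructed sample events; the install path and host names are placeholders.
APP = r"C:\Apps\ExampleApp\app.exe"
SAMPLE_EVENTS = [
    {"Image": APP, "ImageLoaded": r"C:\Apps\ExampleApp\SDL2.dll"},
    {"Image": APP, "ImageLoaded": r"\\fileserver\projects\SDL2.dll"},
    {"Image": APP, "ImageLoaded": r"\\dav.example@SSL\DavWWWRoot\docs\libEGL.dll"},
    {"Image": APP, "ImageLoaded": r"C:\Users\alice\Downloads\libEGL.dll"},
    {"Image": APP, "ImageLoaded": r"C:\Windows\System32\kernel32.dll"},
]

if __name__ == "__main__":
    for label, image, dll in scan(SAMPLE_EVENTS):
        print(f"{label}: {image} loaded {dll}")
```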

Proof of Concept
Disclosure Timeline
06.02.2019 - Vulnerability discovered.
08.02.2019 - Vendor contacted.
08.02.2019 - Vendor responds asking for more details.
09.02.2019 - Sent details to the vendor.
18.02.2019 - No response from the vendor.
19.02.2019 - Asked vendor for status update.
08.03.2019 - No response from the vendor.
09.03.2019 - Public security advisory released.
Credits
Vulnerability discovered by Gjoko Krstic
References
Changelog
09.03.2019 - Initial release
12.03.2019 - Added reference [1]
13.03.2019 - Added reference [2]
17.03.2019 - Added reference [3]
24.03.2026 - Added reference [4]