← Advisories

OpenBMCS 2.4 CSRF Send E-mail

Medium

Advisory ID

ZSL-2022-5691

Release Date

16 January 2022

Vendor

OPEN BMCS - https://www.openbmcs.com

Affected Version

2.4

CVE

N/A

Tested On

Linux Ubuntu 5.4.0-65-generic (x86_64), Linux Debian 4.9.0-13-686-pae/4.9.228-1 (i686), Apache/2.4.41 (Ubuntu), Apache/2.4.25 (Debian), nginx/1.16.1, PHP/7.4.3, PHP/7.0.33-0+deb9u9

Summary

Building Management & Controls System (BMCS). No matter what the size of your business, the OpenBMCS software has the ability to expand to hundreds of controllers. Our product can control and monitor anything from a garage door to a complete campus wide network, with everything you need on board.

Description

The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.

Proof of Concept

openbmcs_csrf.txtTXT

Disclosure Timeline

26.10.2021Vulnerability discovered.

17.11.2021Vendor contacted.

15.01.2022No response from the vendor.

16.01.2022Public security advisory released.

Credits

Vulnerability discovered by Gjoko Krstic

References

[1]https://www.exploit-db.com/exploits/50667

[2]https://packetstormsecurity.com/files/165579

[3]https://cxsecurity.com/issue/WLB-2022010082

[4]https://exchange.xforce.ibmcloud.com/vulnerabilities/217431

Changelog

16.01.2022Initial release

20.01.2022Added reference [1], [2], [3] and [4]