Kabona AB WDC Vulnerabilities
Thursday, October 13, 2016 @ 04:10 PM gHale
Kabona AB created an update to mitigate these vulnerabilities in its WebDatorCentral (WDC) application, according to a report with ICS-CERT.
Martin Jartelius, who along with John Stock, both of Outpost 24, discovered the issues, tested the update to validate that it resolves the remotely exploitable vulnerabilities.
All WDC versions prior to Version 3.4.0 suffer from the issues.
Successful exploitation of these vulnerabilities could allow an unauthenticated attacker to inject arbitrary code in a specially crafted URL. This request would grant the attacker access to the application, including the ability to obtain data from the web server application and redirect users to other potentially malicious pages.
Kabona AB is a Sweden-based company that maintains offices in several countries around the world, including Sweden and the UK.
The affected product, WDC, is a web-based SCADA system. WDC sees action across several sectors including commercial facilities. Kabona AB estimates these products see use primarily in Sweden with a small percentage in other parts of Europe and Canada.
In terms of vulnerabilities, the web server does not correctly sanitize URL inputs, which may allow cross-site scripting.
CVE-2016-8356 is the case number assigned to these vulnerabilities, which have a CVSS v3 base score of 8.2.
In addition, the non-validated redirect/non-validated forward allows chaining with authenticated vulnerabilities.
CVE-2016-8376 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 6.9.
Also, WDC does not limit authentication attempts, which may allow brute force attacks.
CVE-2016-8347 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.5.
No known public exploits specifically target these vulnerabilities. However, crafting a working exploit for these vulnerabilities would not be difficult. Social engineering would be mandatory for one vulnerability to convince the user to accept the malformed file or links. Additional user interaction would be needed to load the malformed file or access the link. This decreases the likelihood of a successful exploit.
Kabona AB recommends updating to the latest version of WDC software. Information on updating can be obtained from the vendor by emailing its support representatives.