Multiple IBC Solar Vulnerabilities
Tuesday, September 22, 2015 @ 06:09 PM gHale
There are three vulnerabilities, including disclosure of application source code, plain text passwords, and cross-site scripting (XSS), in IBC Solar products, according to a report on ICS-CERT.
IBC Solar has not produced a patch to mitigate these remotely exploitable vulnerabilities discovered by independent researcher Maxim Rupp.
The following products suffer from the issue:
• IBC Solar ServeMaster TLP+
• Danfoss TLX Pro+
Exploitation of the vulnerabilities can cause an attacker to get the source code of executable scripts, view passwords in plain text, and the ability to inject malicious code.
IBC Solar is a Germany-based photovoltaics specialist, offering products for sunlight-generated power. IBC Solar maintains offices in several countries around the world, including the UK, Netherlands, Italy, India, France, Czech Republic, China, Japan, Portugal, Austria, Romania, Malaysia, Turkey, Spain, and Poland.
The affected products, ServeMaster TLP+ and Danfoss TLX Pro+, are web-based SCADA systems. According to IBC Solar, ServeMaster TLP+ and Danfoss TLX Pro+ see action across the energy sector. IBC Solar estimates that these products see use primarily in Europe and Asia.
Because the script interpreter is misconfigured, an attacker can retrieve the source code of executable scripts.
CVE-2015-6469 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.5.
When viewing the page source, an attacker is able to see passwords in plain text.
CVE-2015-6474 is the case number assigned to this vulnerability, which has a CVSS v2 base score of 9.1.
In this application, there are an effectively unlimited number of XSS vulnerabilities.
CVE-2015-6475 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 9.8.
No known public exploits specifically target these vulnerabilities. Crafting a working exploit for these vulnerabilities would not be difficult. An attacker with a low skill level would be able to exploit these vulnerabilities.
Right now the mitigation for the source code disclosure issue is to upgrade to a release that prevents disclosure.
The same applies to the plaintext password issue: upgrade to a release that does not store passwords in plaintext.
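The plaintext password finding has two halves: the credential is stored recoverably, and the settings page writes it into the HTML that every browser (and every proxy log) can read. The example below, added here and not code from IBC Solar or from the ICS-CERT advisory, shows the defensive pattern for both halves in Python: passwords are stored as salted PBKDF2-HMAC-SHA256 records and verified in constant time, and the settings page never pre-fills the password field. The record format, iteration count, and the `render_settings_page` layout are assumptions for this illustration.

```python
import hashlib
import hmac
import html
import os
from typing import Optional

# Hypothetical tuning values for this demo; a real deployment would pick
# the iteration count from current guidance and benchmark it on the device.
PBKDF2_ITERATIONS = 200_000
SALT_BYTES = 16


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a record 'pbkdf2_sha256$<iters>$<salt hex>$<digest hex>'.

    Only this record is stored; the plaintext is never written anywhere.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the digest from the stored salt and compare in constant time."""
    try:
        scheme, iters, salt_hex, digest_hex = record.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
        iterations = int(iters)
    except ValueError:
        # Malformed record (wrong field count, bad hex, bad int): reject.
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations
    )
    return hmac.compare_digest(candidate, expected)


def render_vulnerable_settings_page(username: str, password: str) -> str:
    """The pattern the advisory describes: the secret is echoed into the page source."""
    return (
        f'<form method="post"><label>User: {html.escape(username)}</label>'
        f'<input type="password" name="pw" value="{html.escape(password, quote=True)}">'
        "</form>"
    )


def render_settings_page(username: str) -> str:
    """Hardened form: the password field is blank and the stored record never
    leaves the server. A change is verified against the record on submit."""
    return (
        f'<form method="post"><label>User: {html.escape(username)}</label>'
        '<input type="password" name="new_password" value="" autocomplete="new-password">'
        "</form>"
    )


if __name__ == "__main__":
    record = hash_password("correct horse battery")  # constructed sample secret
    print(record)
    print(verify_password("correct horse battery", record))  # True
    print("battery" in render_vulnerable_settings_page("operator", "correct horse battery"))  # True
    print("battery" in render_settings_page("operator"))  # False
```

The `verify_password` parser is deliberately strict: a record in an unknown scheme or with a malformed field is rejected rather than falling back to a plaintext comparison, which is how legacy compatibility shims tend to reintroduce the original weakness.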
For cross-site scripting, never insert untrusted data except in allowed locations.
Additional steps are in the PDF available from the NSA.
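"Never insert untrusted data except in allowed locations" is the first rule of the OWASP XSS prevention guidance; the practical form of it is that every allowed location gets an encoder matched to its context. The Python below is an added example, not code from IBC Solar or from the advisory, showing one encoder per context (HTML body, HTML attribute, JavaScript string literal, URL query parameter, plus a scheme allowlist for `href` sinks) and a small page renderer that uses them. The page layout, the inverter field names, and the sample inputs are constructed for this illustration.

```python
import html
import json
from urllib.parse import quote, urlsplit


def encode_for_html_body(value: str) -> str:
    """Text between tags: neutralise &, < and >."""
    return html.escape(value, quote=False)


def encode_for_html_attribute(value: str) -> str:
    """Quoted attribute value: also neutralise both quote characters."""
    return html.escape(value, quote=True)


def encode_for_js_string(value: str) -> str:
    """Value placed inside <script> as a string literal. json.dumps handles
    quotes, backslashes and control characters and emits ASCII only, but it
    leaves '<' and '>' alone, so '</script>' in the data would still close
    the block; encode those (and '&') as \\uXXXX escapes as well."""
    return (
        json.dumps(value)
        .replace("<", "\\u003c")
        .replace(">", "\\u003e")
        .replace("&", "\\u0026")
    )


def encode_for_url_param(value: str) -> str:
    """A single query-string value: percent-encode everything reserved."""
    return quote(value, safe="")


def safe_href(url: str) -> str:
    """Allow only absolute http(s) URLs in link targets; anything else
    (other schemes, scheme-less junk) is replaced by an inert anchor."""
    parts = urlsplit(url)
    if parts.scheme in ("http", "https") and parts.netloc:
        return url
    return "#"


def render_inverter_page(name: str, note: str, details_url: str) -> str:
    """Render an inverter status page where every untrusted value passes
    through the encoder for the context it lands in."""
    return (
        f"<h1>{encode_for_html_body(name)}</h1>\n"
        f'<div title="{encode_for_html_attribute(note)}">status</div>\n'
        f'<a href="{encode_for_html_attribute(safe_href(details_url))}">details</a>\n'
        f'<a href="/search?q={encode_for_url_param(name)}">search</a>\n'
        f"<script>var inverterName = {encode_for_js_string(name)};</script>"
    )


if __name__ == "__main__":
    # Constructed inputs containing the characters each context cares about.
    print(render_inverter_page('<east> & "west"', "roof 'A'", "ftp://example.invalid/x"))
```

Escaping is applied at the output sink, not at input, because the same value (the inverter name here) lands in four different contexts and needs a different encoding in each; a single "sanitise on save" step cannot be right for all of them.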