Campbell Scientific has an updated version available to handle path traversal and weak encoding for password vulnerabilities in its CSI Web Server, according to a report with CISA.

Successful exploitation of these remotely exploitable vulnerabilities, discovered by Patrick K. Sheehan, Grant Hume, and Donald Macary, could allow an attacker to download files and decode stored passwords.

The following versions of Campbell Scientific CSI Web Server and RTMC (Real-Time Monitoring and Control) Pro, which contains the CSI Web Server suffer from the vulnerabilities:
— Campbell Scientific CSI Web Server: Versions 1.6 and prior
— RTMC Pro: Version 5.0 and prior

In one issue, the Campbell Scientific CSI Web Server supports a command that will return the most recent file that matches a given expression. A specially crafted expression can lead to a path traversal vulnerability. This command combined with a specially crafted expression allows anonymous, unauthenticated access (allowed by default) by an attacker to files and directories outside of the webserver root directory they should end up restricted to.

CVE-2024-5433 is the case number for this vulnerability, which has a CVSS v3.1 base score of 5.3. There is also a CVSS v4 base score of 6.9.

Schneider Bold

In addition, the Campbell Scientific CSI Web Server stores web authentication credentials in a file with a specific file name. Passwords within that file store in a weakly encoded format. There is no way to remotely access the file unless the user manually renames it. However, if an attacker were to gain access to the file, passwords could end up decoded and reused to gain access.

CVE-2024-5434 is the case number for this vulnerability, which has a CVSS v3.1 base score of 5.7. There is also a CVSS v4 base score of 6.9.

The product sees use in the energy, food and agriculture, water and wastewater, and transportation systems sectors.

No known exploits target these vulnerabilities. However, an attacker could leverage these low complexity vulnerabilities.

Campbell Scientific recommends users to update to the version:
For user of CSI Web Server update to the most recent CSI Web Server 1.x patch 
For users of RTMC Pro 5 update to the most recent RTMC Pro 5.x patch 
For users of RTMC Pro 4 update to the most recent RTMC Pro 4.x patch 

Contact Campbell Scientific for more details.

ISSSource

Pin It on Pinterest

Share This