Rockwell Automation Allen-Bradley PowerMonitor 1000 – Incorrect Access Control Authentication Bypass

• Exploit Database
• 18 阅读

• 作者： Luca.Chiou
  日期： 2018-12-04
• 类别：

  • webapps
  平台：

  • hardware
• 来源：https://www.exploit-db.com/exploits/45937/

• # Exploit Title: Rockwell Automation Allen-Bradley PowerMonitor 1000 - Incorrect Access Control
  # Date: 2018-11-27
  # Exploit Author: Luca.Chiou
  # Vendor Homepage: https://www.rockwellautomation.com/
  # Version: 1408-EM3A-ENT B
  # Tested on: It is a proprietary devices: https://ab.rockwellautomation.com/zh/Energy-Monitoring/1408-PowerMonitor-1000
  # CVE : CVE-2018-19616
  
  # 1. Description:
  # In Rockwell Automation Allen-Bradley PowerMonitor 1000 web page, there are a few buttons are disabled,
  # such as “Edit”, “Remove”, “AddNew”, “Change Policy Holder” and “Security Configuration”.
  # View the source code of login page, those buttons/functions just use the “disabled” parameter to control the access right.
  # It is allow attackers using proxy to erase the “disabled” parameter, and enable those buttons/functions.
  # Once those buttons/functions are enabled.
  # Attackers is capable to add a new user who have administrator right.