SB2017101306 - Multiple vulnerabilities in ProMinent MultiFLEX M10a Controller




Published: October 13, 2017

Security Bulletin ID: SB2017101306
Severity: Low
Patch available: No
Number of vulnerabilities: 5
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

Low 100%

Description

This security bulletin contains information about 5 security vulnerabilities.


1) Security restrictions bypass (CVE-ID: CVE-2017-14013)

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists because the log out function in the application removes the user’s session only on the client side. A remote attacker can bypass protection mechanisms, gain elevated privileges, or assume the identity of an authenticated user.

2) Security restrictions bypass (CVE-ID: CVE-2017-14007)

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists because the user’s session remains available for an extended period beyond the last activity. A remote attacker can bypass protection mechanisms and reuse an old session for authorization.
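
An added example, not code from this bulletin or from the vendor: a minimal server-side session table showing the two controls whose absence items 1 and 2 describe, invalidation on the server at logout and an idle timeout measured from the last activity. The class name, the 900-second limit and the user name are assumptions made for illustration.

```python
import secrets
import time


class SessionStore:
    """Server-side session table: the server, not the browser, decides validity."""

    def __init__(self, idle_timeout=900, clock=time.monotonic):
        self._idle_timeout = idle_timeout  # assumed limit; the bulletin gives no value
        self._clock = clock                # injectable so expiry can be tested
        self._sessions = {}                # token -> {"user": str, "last_seen": float}

    def login(self, user):
        token = secrets.token_urlsafe(32)  # unguessable session identifier
        self._sessions[token] = {"user": user, "last_seen": self._clock()}
        return token

    def validate(self, token):
        """Return the user for a live session, else None; refresh last activity."""
        entry = self._sessions.get(token)
        if entry is None:
            return None                    # unknown token, or already logged out
        now = self._clock()
        if now - entry["last_seen"] > self._idle_timeout:
            del self._sessions[token]      # expired: drop it so it cannot be reused
            return None
        entry["last_seen"] = now
        return entry["user"]

    def logout(self, token):
        """Invalidate on the server; clearing the client-side cookie is not enough."""
        return self._sessions.pop(token, None) is not None


def demo():
    """Constructed scenario: present a token again after logout and after idling."""
    now = [0.0]
    store = SessionStore(idle_timeout=900, clock=lambda: now[0])
    t1 = store.login("operator")
    store.logout(t1)
    replay_after_logout = store.validate(t1)
    t2 = store.login("operator")
    now[0] += 600
    still_active = store.validate(t2)      # activity at t=600 resets the idle window
    now[0] += 901
    replay_after_idle = store.validate(t2)
    return replay_after_logout, still_active, replay_after_idle


if __name__ == "__main__":
    print(demo())
```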

3) Cross-site request forgery (CVE-ID: CVE-2017-14011)

The vulnerability allows a remote authenticated attacker to perform a CSRF attack.

The weakness exists due to a lack of cross-site request forgery (CSRF) protection. A remote attacker can create a specially crafted HTML page or URL, trick the victim into visiting it, gain access to the system and perform arbitrary actions.

4) Information disclosure (CVE-ID: CVE-2017-14009)

The vulnerability allows a remote authenticated attacker to obtain potentially sensitive information on the target system.

The weakness exists because the user’s current password is specified in plaintext. A remote attacker can use the “Change Password” feature of the application and gain access to the password.

5) Unverified Password Change (CVE-ID: CVE-2017-14005)

The vulnerability allows a remote authenticated attacker to change a password on the target system.

The weakness exists because the application does not require the user to know the original password when setting a new password. A remote attacker can change a user’s password, enabling future access and possible configuration changes.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.