vendor:
Allen-Bradley PowerMonitor 1000
by:
Luca.Chiou
8.1
CVSS
HIGH
Incorrect Access Control
287
CWE
Product Name: Allen-Bradley PowerMonitor 1000
Affected Version From: 1408-EM3A-ENT B
Affected Version To: 1408-EM3A-ENT B
Patch Exists: YES
Related CWE: CVE-2018-19616
CPE: h:rockwellautomation:1408-powermonitor_1000
Metasploit:
N/A
Other Scripts:
N/A
Platforms Tested: It is a proprietary devices
2018
Rockwell Automation Allen-Bradley PowerMonitor 1000 – Incorrect Access Control
In Rockwell Automation Allen-Bradley PowerMonitor 1000 web page, there are a few buttons are disabled, such as “Edit”, “Remove”, “AddNew”, “Change Policy Holder” and “Security Configuration”. View the source code of login page, those buttons/functions just use the “disabled” parameter to control the access right. It is allow attackers using proxy to erase the “disabled” parameter, and enable those buttons/functions. Once those buttons/functions are enabled. Attackers is capable to add a new user who have administrator right.
Mitigation:
Ensure that access control mechanisms are properly implemented and enforced.
