Schneider Electric Telecontrol Products 'kw.dll' HTML Injection Vulnerability
BID:53409
Info
Schneider Electric Telecontrol Products 'kw.dll' HTML Injection Vulnerability
| Bugtraq ID: | 53409 |
| Class: | Input Validation Error |
| CVE: |
CVE-2012-1990 |
| Remote: | Yes |
| Local: | No |
| Published: | May 06 2012 12:00AM |
| Updated: | May 06 2012 12:00AM |
| Credit: | phocean |
| Vulnerable: |
Schneider Electric Telecontrol Kerwin 6.0.0 Schneider Electric Telecontrol Kerweb 3.0.0 |
| Not Vulnerable: |
Schneider Electric Telecontrol Kerwin 6.0.1 Schneider Electric Telecontrol Kerweb 3.0.1 |
Discussion
Schneider Electric Telecontrol Products 'kw.dll' HTML Injection Vulnerability
Multiple Schneider Electric Telecontrol products are prone to an HTML-injection vulnerability because they fail to sufficiently sanitize user-supplied data before it is used in dynamic content.
Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and control how the site is rendered to the user; other attacks are also possible.
The following products are affected:
Schneider Electric Telecontrol Kerweb versions prior to 3.0.1
Schneider Electric Telecontrol Kerwin versions prior to 6.0.1
Multiple Schneider Electric Telecontrol products are prone to an HTML-injection vulnerability because they fail to sufficiently sanitize user-supplied data before it is used in dynamic content.
Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and control how the site is rendered to the user; other attacks are also possible.
The following products are affected:
Schneider Electric Telecontrol Kerweb versions prior to 3.0.1
Schneider Electric Telecontrol Kerwin versions prior to 6.0.1
Exploit / POC
Schneider Electric Telecontrol Products 'kw.dll' HTML Injection Vulnerability
Attackers can use a browser to exploit this issue.
The following example URI is available:
http://www.example.com/kw.dll?page=evts.xml&sessionid=xxx&nomenu=&typeevtwin=alms&dt=&gtvariablevalue=&ltvariablevalue=&variablevalue=&nevariablevalue=&evtclass=&evtdevicezone=&evtdevicecountry=&evtdeviceregion=&evtstatustype=&evtseveritytype=&evtstatus=&evtseverity=&evtlevel=&gtdateapp=&ltdateapp=&gtdaterec=&ltdaterec=&evtvariablename=[XSS]
Attackers can use a browser to exploit this issue.
The following example URI is available:
http://www.example.com/kw.dll?page=evts.xml&sessionid=xxx&nomenu=&typeevtwin=alms&dt=&gtvariablevalue=&ltvariablevalue=&variablevalue=&nevariablevalue=&evtclass=&evtdevicezone=&evtdevicecountry=&evtdeviceregion=&evtstatustype=&evtseveritytype=&evtstatus=&evtseverity=&evtlevel=&gtdateapp=&ltdateapp=&gtdaterec=&ltdaterec=&evtvariablename=[XSS]
Solution / Fix
Schneider Electric Telecontrol Products 'kw.dll' HTML Injection Vulnerability
Solution:
Updates are available. Please see the references for more information.
Solution:
Updates are available. Please see the references for more information.
References
Schneider Electric Telecontrol Products 'kw.dll' HTML Injection Vulnerability
References:
References:
- Kerweb Homepage (Schneider Electric Telecontrol)
- Kerwin Homepage (Schneider Electric Telecontrol)