SCADA Vulnerabilities & Exposures (SVE)

CRITIFENCE® SCADA Vulnerabilities and Exposures Database (SVE)

[SVE-162243950] Sauter NovaWeb Web HMI Authentication Bypass Vulnerability

Date Type Platform Author EDB-ID CVE-ID OSVDB-ID Download App SIS Signature
2016-12-08HMISauterMaxim RuppN/ACVE-2016-5782 N/AN/AN/A

Source

						
							
								
#
# Sauter NovaWeb Web HMI Authentication Bypass Vulnerability
#


### OVERVIEW

Independent researcher Maxim Rupp has identified an authentication bypass vulnerability in Sauter's NovaWeb web HMI application. Sauter has not produced a mitigation for this vulnerability. This product was discontinued in 2013 and is no longer supported.
This vulnerability could be exploited remotely.



### AFFECTED PRODUCTS

The following NovaWeb versions are affected:
NovaWeb web HMI, all versions.



### IMPACT

An attacker can bypass authentication by modifying values in a cookie.
Impact to individual organizations depends on many factors that are unique to each organization. NCCIC/ICS-CERT recommends that organizations evaluate the impact of this vulnerability based on their operational environment, architecture, and product implementation.



### BACKGROUND

Sauter is a Germany-based company that also maintains an office in Switzerland.
The affected product, novaWeb web HMI, is a web-based HMI system. According to Sauter, novaWeb was deployed in the Commercial Facilities and Critical Manufacturing sectors. Sauter estimates that this product is used primarily in Europe.



### VULNERABILITY CHARACTERIZATION

# VULNERABILITY OVERVIEW

RELIANCE ON COOKIES WITHOUT VALIDATION AND INTEGRITY CHECKING IN A SECURITY DECISIONa
The application uses a protection mechanism that relies on the existence or values of a cookie, but it does not properly ensure that the cookie is valid for the associated user.
CVE-2016-5782b has been assigned to this vulnerability. A CVSS v3 base score of  7.2 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)




### VULNERABILITY DETAILS

# EXPLOITABILITY

This vulnerability could be exploited remotely.



# EXISTENCE OF EXPLOIT

No known public exploits specifically target this vulnerability.



# DIFFICULTY

An attacker with a low skill would be able to exploit this vulnerability.



### MITIGATION

Sauter has not produced a mitigation for this vulnerability
This product was discontinued in 2013 and is no longer supported.