SCADA Vulnerabilities & Exposures (SVE)

CRITIFENCE® SCADA Vulnerabilities and Exposures Database (SVE)

[SVE-771743887] Hanwha Techwin Smart Security Manager

Date Type Platform Author EDB-ID CVE-ID OSVDB-ID Download App SIS Signature
2017-02-09OtherHanwha TechwinSteven Seeley of Source Incite discovered these vulnerabilities. N/ACVE-2017-5168 CVE-2017-5169 N/AN/AN/A

Source

						
							
								
#
# Hanwha Techwin Smart Security Manager
#


### VULNERABLE VENDOR
Hanwha Techwin


### VULNERABLE PRODUCT
Smart Security Manager



### RESEARCHER
Steven Seeley of Source Incite discovered these vulnerabilities.



### AFFECTED PRODUCTS

The following Smart Security Manager, a software management platform, versions are affected:

Smart Security Manager Versions 1.5 and prior.



### IMPACT

Successful exploitation of these vulnerabilities could allow an attacker to create an arbitrary file on the server with attacker controlled data as well as an attacker gaining root shell access. These conditions could allow remote code execution.



### VULNERABILITY OVERVIEW

PATH TRAVERSAL CWE-22
Multiple Path Traversal vulnerabilities have been identified.
The flaws exist within the ActiveMQ Broker service that is installed as part of the product.
By issuing specific HTTP requests, if a user visits a malicious page, an attacker can gain access to arbitrary files on the server.
Smart Security Manager Versions 1.4 and prior to 1.31 are affected by these vulnerabilities.
These vulnerabilities can allow for remote code execution.
CVE-2017-5168 has been assigned to this vulnerability.
A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is (AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)


CROSS-SITE REQUEST FORGERY CWE-352
Multiple Cross Site Request Forgery vulnerabilities have been identified.
The flaws exist within the Redis and Apache Felix Gogo servers that are installed as part of this product.
By issuing specific HTTP Post requests, an attacker can gain system level access to a remote shell session.
Smart Security Manager Versions 1.5 and prior are affected by these vulnerabilities.
These vulnerabilities can allow for remote code execution.
CVE-2017-5169 has been assigned to this vulnerability.
A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is (AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)





### BACKGROUND

Critical Infrastructure Sectors: Commercial Facilities, Critical Manufacturing, Energy, Water and Wastewater Systems
Countries/Areas Deployed: Deployed worldwide
Company Headquarters Location: South Korea




### MITIGATION

Hanwha Techwin has released a patch for v1.4 and v1.5. Customers using v1.4 and v1.5 need to upgrade using Patch_SSMv1.5_or_1.4_for_Cert_Vulnerability.

Customers using v1.3 and prior need to upgrade using patch SSM-TS v1.60.0.

Patches and updates can be found at this location:

http://www.hanwha-security.com/prod/info.do?menuCd=MN000185&catg1=MC000087&catg2=MC000089&catg3=&mdlCd=MC000825