SCADA Vulnerabilities & Exposures (SVE)

CRITIFENCE® SCADA Vulnerabilities and Exposures Database (SVE)

[SVE-971520652] Hanwha Techwin SRN-4000

Date: 2017-05-16
Type: Other
Platform: Hanwha Techwin
Author: Can Demirel and Faruk Unal of Biznet Bilisim discovered the vulnerability and have tested the patch.
EDB-ID: N/A
CVE-ID: CVE-2017-7912
OSVDB-ID: N/A
Download App: N/A
SIS Signature: N/A

Source

#
# Hanwha Techwin SRN-4000
#


### VULNERABLE VENDOR
Hanwha Techwin


### VULNERABLE PRODUCT
SRN-4000



### RESEARCHER
Can Demirel and Faruk Unal of Biznet Bilisim discovered the vulnerability and have tested the patch.



### AFFECTED PRODUCTS

The following versions of SRN-4000, a network video management platform, are affected:

SRN-4000 firmware versions prior to SRN4000_v2.16_170401.



### IMPACT

Successful exploitation of this vulnerability could allow the attacker remote access to the web management portal with admin privileges without authentication.



### VULNERABILITY OVERVIEW

IMPROPER ACCESS CONTROL CWE-284
A specially crafted HTTP request and response could allow an attacker to gain access to the device management page with admin privileges without proper authentication.
CVE-2017-7912 has been assigned to this vulnerability.
A CVSS v3 base score of 9.8 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).





### BACKGROUND

Critical Infrastructure Sectors: Commercial Facilities, Critical Manufacturing, Energy, Water and Wastewater Systems.
Countries/Areas Deployed: Worldwide
Company Headquarters Location: Seoul, South Korea




### MITIGATION

Hanwha Techwin recommends that users update to firmware Version SRN4000_v2.16_170401.zip or newer.

The latest firmware version can be obtained from the following location:

https://www.hanwha-security.com/


(Products > Video Recorders > SRN-4000 > Download > Firmware)
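
To check an asset inventory against the fixed release named above, the following added example (not part of the original advisory or any Hanwha Techwin tooling) classifies reported firmware labels as affected, fixed or unknown. It assumes labels follow the pattern of the one string shown on this page, SRN4000_v<major>.<minor>_<YYMMDD>; the host names and sample labels are constructed.

```python
import re

# Fixed release named in the advisory's MITIGATION section.
FIXED_RELEASE = "SRN4000_v2.16_170401"

# Assumed naming scheme, inferred from that one string:
# SRN4000_v<major>.<minor>_<YYMMDD>, optionally ending in ".zip".
_PATTERN = re.compile(r"^SRN4000_v(\d+)\.(\d+)_(\d{6})(?:\.zip)?$", re.IGNORECASE)


def parse_firmware(label):
    """Return (major, minor, build_date) as ints, or None if the label does not match."""
    m = _PATTERN.match(label.strip())
    if m is None:
        return None
    return tuple(int(g) for g in m.groups())


def classify(label, fixed=FIXED_RELEASE):
    """Return 'affected', 'fixed' or 'unknown' for one reported firmware label."""
    current = parse_firmware(label)
    if current is None:
        return "unknown"  # never assume an unparsed label is safe
    # Numeric tuple comparison, so v2.9 sorts before v2.16.
    return "affected" if current < parse_firmware(fixed) else "fixed"


def triage(inventory):
    """Group an iterable of (host, firmware_label) pairs by status."""
    report = {"affected": [], "fixed": [], "unknown": []}
    for host, label in inventory:
        report[classify(label)].append(host)
    return report


# Constructed inventory: hosts and labels are made up for illustration.
SAMPLE_INVENTORY = [
    ("nvr-lobby", "SRN4000_v2.14_160812"),
    ("nvr-plant", "SRN4000_v2.16_170401.zip"),
    ("nvr-gate", "SRN4000_v2.16_170215"),
    ("nvr-dock", "SRN4000_v2.9_151101"),
    ("nvr-lab", "v2.16"),
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status:9s} {', '.join(hosts) or '-'}")
```

Devices reported as unknown should have their firmware version confirmed by hand rather than being treated as patched.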