SCADA Vulnerabilities & Exposures (SVE)

CRITIFENCE® SCADA Vulnerabilities and Exposures Database (SVE)

[SVE-984703379] Automated Logic Corporation WebCTRL, i-VU, SiteScan

Date Type Platform Author EDB-ID CVE-ID OSVDB-ID Download App SIS Signature
2017-08-22OtherAutomated Logic Corporation (ALC)Gjoko Krstic from Zero Science Lab identified the vulnerabilities. N/ACVE-2017-9644 CVE-2017-9640 CVE-2017-9650 N/AN/AN/A

Source

						
							
								
#
# Automated Logic Corporation WebCTRL, i-VU, SiteScan
#


### VULNERABLE VENDOR
Automated Logic Corporation (ALC)


### VULNERABLE PRODUCT
WebCTRL, i-VU, SiteScan



### RESEARCHER
Gjoko Krstic from Zero Science Lab identified the vulnerabilities.



### AFFECTED PRODUCTS

The following versions of WebCTRL, i-Vu, SiteScan Web, building automation platforms, are affected:

ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior,
ALC WebCTRL, SiteScan Web 6.1 and prior,
ALC WebCTRL, i-Vu 6.0 and prior,
ALC WebCTRL, i-Vu, SiteScan Web 5.5  and prior, and
ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior.



### IMPACT

Successful exploitation of these vulnerabilities could allow an authenticated user to elevate his or her privileges to execute arbitrary code on the system.



### VULNERABILITY OVERVIEW

UNQUOTED SEARCH PATH OR ELEMENT CWE-428
An unquoted search path vulnerability may allow a non-privileged local attacker to change files in the installation directory and execute arbitrary code with elevated privileges.
CVE-2017-9644 has been assigned to this vulnerability.
A CVSS v3 base score of 4.2 has been assigned; the CVSS vector string is (AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L)


IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAVERSAL') CWE-22
An authenticated attacker may be able to overwrite files that are used to execute code.
This vulnerability does not affect version 6.5 of the software.
CVE-2017-9640 has been assigned to this vulnerability.
A CVSS v3 base score of 6.3 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)


UNRESTRICTED UPLOAD OF FILE WITH DANGEROUS TYPE CWE-434
An authenticated attacker may be able to upload a malicious file allowing the execution of arbitrary code.
CVE-2017-9650 has been assigned to this vulnerability.
A CVSS v3 base score of 8.3 has been assigned; the CVSS vector string is (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N)





### BACKGROUND

Critical Infrastructure Sector: Commercial Facilities
Countries/Areas Deployed: Worldwide
Company Headquarters Location: Kennesaw, Georgia




### MITIGATION

ALC provides support for WebCTRL, i-Vu, SiteScan Web versions 6.0 and greater. Those users using prior versions, including 5.5 and 5.2, must upgrade to supported versions in order to install these mitigation patches.

ALC applications should always be installed and maintained in accordance with the guidelines found here:

http://www.automatedlogic.com/Pages/Security.aspx


.

In addition ALC has released the following patches, which address these vulnerabilities:

WebCTRL 6.0, Cumulative Patch #13
WebCTRL 6.1, Cumulative Patch  #7
WebCTRL 6.5, Cumulative Patch #7 + WS65_Security_Update2.update
These patch releases may be obtained on the ALC accounts web site or calling Technical Support at 770-429-3002
i-Vu 6.0, Cumulative Patch #13
i-Vu 6.5, Cumulative Patch #7 + WS65_Security_Update2.update
The patch release may be obtained by calling Technical Support at 800-277-9852
SiteScan Web Version 6.1, Cumulative Patch  #7, and
SiteScan Web Version 6.5, Cumulative Patch #7 + WS65_Security_Update2.update.

These patches may be obtained by contacting Liebert Services at 1-800-543-2378.