CVE-2019-5616 - OpenCVE

CircuitWerkes Sicon-8, a hardware device used for managing electrical devices, ships with a web-based front-end controller and implements an authentication mechanism in JavaScript that is run in the context of a user's web browser.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Broadcastboxes	Scion-8 Scion-8 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:broadcastboxes:scion-8_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:broadcastboxes:scion-8:-:*:*:*:*:*:*:*

References

Link	Resource
https://blog.rapid7.com/2019/03/12/r7-2019-01-circuitwerkes-sicon-8-client-side-authentication-read-only-bypass-cve-2019-5616/	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: rapid7

Published: 2019-03-12T00:00:00

Updated: 2019-03-15T20:57:01

Reserved: 2019-01-07T00:00:00

Link: CVE-2019-5616

JSON object: View

NVD Information

Status : Modified

Published: 2019-03-15T21:29:00.183

Modified: 2020-08-24T17:37:01.140

Link: CVE-2019-5616

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "credits": [{"lang": "en", "value": "This issue was discovered and reported by independent researcher Ph055a, and was validated and disclosed by Rapid7's Coordinated Vulnerability Disclosure program."}], "datePublic": "2019-03-12T00:00:00", "descriptions": [{"lang": "en", "value": "CircuitWerkes Sicon-8, a hardware device used for managing electrical devices, ships with a web-based front-end controller and implements an authentication mechanism in JavaScript that is run in the context of a user's web browser."}], "exploits": [{"lang": "en", "value": "Because authentication is implemented as a JavaScript function that merely redirects the user away from the web app interface, rather than relying on session tokens or other more modern access controls, an attacker can navigate to http://address:port/index.htm using a standard web browser, and just before the page is fully rendered, hit the escape key to prevent the window.location redirect from executing. Once the page is rendered, the attacker can read all of the configured labels of a Sicon-8 device and retrieve the status of the labeled interfaces."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-03-15T20:57:01", "orgId": "9974b330-7714-4307-a722-5648477acda7", "shortName": "rapid7"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://blog.rapid7.com/2019/03/12/r7-2019-01-circuitwerkes-sicon-8-client-side-authentication-read-only-bypass-cve-2019-5616/"}], "source": {"defect": ["R7-2019-01"], "discovery": "EXTERNAL"}, "title": "CircuitWerkes Sicon-8 Client-Side Authentication Read-Only Bypass", "workarounds": [{"lang": "en", "value": "Users of the Sicon-8 should not expose the web-based management console to untrusted networks."}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@rapid7.com", "DATE_PUBLIC": "2019-03-12T15:00:00.000Z", "ID": "CVE-2019-5616", "STATE": "PUBLIC", "TITLE": "CircuitWerkes Sicon-8 Client-Side Authentication Read-Only Bypass"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "credit": [{"lang": "eng", "value": "This issue was discovered and reported by independent researcher Ph055a, and was validated and disclosed by Rapid7's Coordinated Vulnerability Disclosure program."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "CircuitWerkes Sicon-8, a hardware device used for managing electrical devices, ships with a web-based front-end controller and implements an authentication mechanism in JavaScript that is run in the context of a user's web browser."}]}, "exploit": [{"lang": "en", "value": "Because authentication is implemented as a JavaScript function that merely redirects the user away from the web app interface, rather than relying on session tokens or other more modern access controls, an attacker can navigate to http://address:port/index.htm using a standard web browser, and just before the page is fully rendered, hit the escape key to prevent the window.location redirect from executing. Once the page is rendered, the attacker can read all of the configured labels of a Sicon-8 device and retrieve the status of the labeled interfaces."}], "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://blog.rapid7.com/2019/03/12/r7-2019-01-circuitwerkes-sicon-8-client-side-authentication-read-only-bypass-cve-2019-5616/", "refsource": "MISC", "url": "https://blog.rapid7.com/2019/03/12/r7-2019-01-circuitwerkes-sicon-8-client-side-authentication-read-only-bypass-cve-2019-5616/"}]}, "source": {"defect": ["R7-2019-01"], "discovery": "EXTERNAL"}, "work_around": [{"lang": "en", "value": "Users of the Sicon-8 should not expose the web-based management console to untrusted networks."}]}}}, "cveMetadata": {"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7", "assignerShortName": "rapid7", "cveId": "CVE-2019-5616", "datePublished": "2019-03-12T00:00:00", "dateReserved": "2019-01-07T00:00:00", "dateUpdated": "2019-03-15T20:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:broadcastboxes:scion-8_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "332F4667-155F-4383-93DE-EDB72BCA6F82", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:broadcastboxes:scion-8:-:*:*:*:*:*:*:*", "matchCriteriaId": "1D4E5D7E-A027-46A9-AF3E-7C222E510B27", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "CircuitWerkes Sicon-8, a hardware device used for managing electrical devices, ships with a web-based front-end controller and implements an authentication mechanism in JavaScript that is run in the context of a user's web browser."}, {"lang": "es", "value": "CircuitWerkes Sicon-8, un dispositivo de hardware empleado para gestionar dispositivos electr\u00f3nicos, se distribuye con un controlador del front end basado en web e implementa un mecanismo de autenticaci\u00f3n en JavaScript que se ejecuta en el contexto del navegador web de un usuario."}], "id": "CVE-2019-5616", "lastModified": "2020-08-24T17:37:01.140", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "cve@rapid7.com", "type": "Secondary"}]}, "published": "2019-03-15T21:29:00.183", "references": [{"source": "cve@rapid7.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://blog.rapid7.com/2019/03/12/r7-2019-01-circuitwerkes-sicon-8-client-side-authentication-read-only-bypass-cve-2019-5616/"}], "sourceIdentifier": "cve@rapid7.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}