Phasefale Controls JouleTemp Three Vulnerabilities

Vendor: Phasefale Controls Pty. Ltd.
Product: JouleTemp

According to the documentation, the web interface ships with a default admin password:

“Programming links to settings page ( username [admin] and password [pass] are required.)”

Without authenticating, the splash page will also reveal the internal IP address of the device.

[Image: jouletemp-internal_ip]

Finally, the /set/comment.html page contains a stored XSS (CVE-2013-78009). You get to this page by clicking “Add HACCP Note” and then insert a standard XSS string in the “Comment” field (newhaccpcomment parameter). It doesn’t seem to scrub any user input.

POST /set/comment.html HTTP/1.1
[..]
newhaccpnote=1&newhaccpcomment=%22%3E%3Cscript%3Ealert%28%27document.cookie%27%29%3C%2Fscript%3E++&eventlogid=1
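As an added example (not code from the advisory or from the vendor), the request body above is decoded with Python's standard library to show how the newhaccpcomment value lands in a page unescaped versus HTML-escaped, plus a simple check a defender can run over stored notes. The attribute rendering context in the two render functions is an assumption, since the advisory does not show the device's HTML.

```python
import html
from urllib.parse import parse_qs

# Constructed copy of the POST body quoted in the advisory (not captured from a
# live device); parameter names are the ones the advisory lists.
SAMPLE_BODY = (
    "newhaccpnote=1"
    "&newhaccpcomment=%22%3E%3Cscript%3Ealert%28%27document.cookie%27%29%3C%2Fscript%3E++"
    "&eventlogid=1"
)


def parse_form(body: str) -> dict:
    """Decode an application/x-www-form-urlencoded body into single values."""
    return {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}


def render_comment_unsafe(comment: str) -> str:
    """Mirrors the reported behaviour: the stored value is placed into HTML as-is.

    Assumed context: an attribute value. The leading '">' in the sample breaks
    out of the attribute, so the <script> element becomes live markup.
    """
    return f'<input name="newhaccpcomment" value="{comment}">'


def render_comment_safe(comment: str) -> str:
    """Hardened form: HTML-escape the value (quotes included) before output."""
    return f'<input name="newhaccpcomment" value="{html.escape(comment, quote=True)}">'


def contains_markup(value: str) -> bool:
    """Detection check for a field that should only ever hold free text."""
    return any(ch in value for ch in '<>"')


if __name__ == "__main__":
    comment = parse_form(SAMPLE_BODY)["newhaccpcomment"]
    print("decoded :", comment)
    print("unsafe  :", render_comment_unsafe(comment))
    print("safe    :", render_comment_safe(comment))
    print("flagged :", contains_markup(comment))
```

Escaping at output time is the fix for the rendering bug; the detection check is only useful for finding notes that were already stored before the fix.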

Discovered: 2013-02-13
Reported to ICS-CERT: 2013-04-10
ICS-CERT passed to CERT/CC: 2013-04-19
CERT/CC assigns VU#647752: 2013-04-25
CERT/CC says issues too low risk to coordinate disclosure: 2013-05-06
