STULZ WIB 8000 Air Conditioning Web Interface Board – Multiple Vulnerabilities

STULZ WIB 8000 Air Conditioning Web Interface Board
Vendor – STULZ GmbH, Hamburg
Vendor URL – http://www.stulz-ats.com/
Product Info – http://www.stulz-ats.com/repository/F5ABD290/C8000_WIB_STULZ_67C_0909_en.pdf
Version – 1.18
ICS-CERT ID – ICS-VU-614512

Three default passwords (no username), each granting a different level of access:
ganymed – highest authorization, administrator
kallisto – medium authorization, read and write, only levels “Info” and “Operate”
europa – lowest authorization, read only, only levels “Info” and “Operate”

Once authenticated to the web interface, click Network and then Email, which loads:
http://host/wibConf.htm?lang=en&id=1359850188&temp=c&bus=1&unit=00001&module=1&page=6&1359850272

The admin email address is displayed, and the password is shown as *******, but this masking is only client-side JavaScript. The password for the admin's email account is present in cleartext in the page source (view source shows it), and the page is served without SSL:

user

<input type="text" name="WI262147" maxlength="64" size="20" value="admin@example.com" />

password

<input type="password" name="WI262148" maxlength="64" size="20" value="password1234" />
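The masking described above is purely visual: a `type="password"` input with a prefilled `value` attribute still carries the secret verbatim in the HTML. The following is an added auditing check, not code from the advisory or from STULZ, that parses a page and reports any password field shipped with a non-empty value, so an operator can verify their own device pages for this exposure. The sample HTML is a constructed fragment modelled on the wibConf.htm snippet quoted above; the address and password in it are placeholders, not real credentials.

```python
"""Flag password inputs whose value is prefilled in the HTML source.

Added example (not from the advisory or the vendor): parse an HTML page and
report every <input type="password"> that carries a non-empty value attribute.
The browser renders such a field as ******* but the secret is in the response
body, readable by anyone who can view the page source or, when the page is
served over plain HTTP, by anyone who can observe the traffic.
"""
from html.parser import HTMLParser

# Constructed sample modelled on the wibConf.htm fragment quoted in the advisory.
# The e-mail address and password are placeholder values, not real credentials.
SAMPLE_HTML = """
<form>
user
<input type="text" name="WI262147" maxlength="64" size="20" value="admin@example.com" />
password
<input type="password" name="WI262148" maxlength="64" size="20" value="password1234" />
<input type="password" name="newpw" value="" />
</form>
"""


class PrefilledPasswordFinder(HTMLParser):
    """Collect (name, value) pairs for password inputs that ship with a value."""

    def __init__(self):
        super().__init__()
        self.findings = []

    # HTMLParser routes self-closing <input ... /> tags through handle_starttag
    # as well, so one handler covers both spellings.
    def handle_starttag(self, tag, attrs):
        if tag.lower() != "input":
            return
        # Attribute values arrive with quotes stripped and entities decoded.
        a = {k.lower(): (v or "") for k, v in attrs}
        if a.get("type", "").lower() == "password" and a.get("value"):
            self.findings.append((a.get("name", ""), a["value"]))


def find_prefilled_passwords(html: str) -> list:
    """Return [(field_name, secret), ...] for every prefilled password input."""
    parser = PrefilledPasswordFinder()
    parser.feed(html)
    parser.close()
    return parser.findings


def redact(findings) -> list:
    """Mask the secrets so an audit report does not itself leak them."""
    return [(name, "*" * len(value)) for name, value in findings]


if __name__ == "__main__":
    hits = find_prefilled_passwords(SAMPLE_HTML)
    for name, masked in redact(hits):
        print(f"password field {name!r} is prefilled in the HTML ({masked})")
```

Running the block against a page fetched from a device under your own administration reports the field name only, with the value masked; the empty `newpw` field is correctly ignored. The fix on the server side is to never echo a stored secret back into a form value and to serve the configuration interface over TLS.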