S4E

CVE-2019-7276 Scanner

CVE-2019-7276 Scanner - Remote Code Execution (RCE) vulnerability in Optergy Proton/Enterprise

Short Info

Level: Critical
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 17 days 16 hours
Scan only one: Domain, Subdomain, IPv4
Toolbox: -

Optergy Proton and Enterprise are smart building management systems used by facilities managers and building operators for energy management and building automation. These systems are deployed in industrial, commercial, and residential environments globally. They facilitate the control and monitoring of HVAC systems, lighting, utility metering, and other connected devices. The devices are primarily used to increase energy efficiency and provide centralized control of building systems. The easy-to-use interfaces and support for a variety of protocols make Optergy products popular among facility managers. The versatility of Optergy systems enables seamless integration with other building management systems. These products are widely adopted due to their ability to offer comprehensive insights into building operations.

The Remote Code Execution (RCE) vulnerability detected in Optergy Proton and Enterprise allows arbitrary commands to be executed on the system remotely, without authentication. The issue arises from a backdoor console, which attackers can exploit to run harmful commands. The vulnerability is critical because it lets attackers gain unauthorized control over affected systems: exploitation could result in complete system compromise, disruption of operations, and unauthorized access to sensitive building systems and data.

The vulnerability takes advantage of a backdoor console present in Optergy Proton/Enterprise devices. An attacker sends a GET request to retrieve a challenge, then sends a POST request containing the hashed combination of the challenge in order to execute commands on the system. The affected endpoint is '/tools/ajax/ConsoleResult.html', which processes the commands supplied in the vulnerable parameters. A specially crafted request to this endpoint can execute commands such as reading system files. Because the response is calculated from the challenge alone, the attacker needs no authentication, and the exchange bypasses the standard security controls.
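For defenders, the GET-then-POST sequence against this endpoint is something to look for in web access logs. The following is an added example, not code from the original page or from Optergy; it assumes combined-format access logs from the device or a proxy in front of it, and the five-minute correlation window and the sample log lines are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Endpoint named in the description above.
CONSOLE_PATH = "/tools/ajax/ConsoleResult.html"
# Assumption: a POST within this window of a GET from the same client is one exchange.
WINDOW = timedelta(minutes=5)

# Combined/common log format: ip, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_console_access(lines):
    """Return (ip, method, status, severity) for each request to CONSOLE_PATH.

    severity is "exchange" when a POST follows a GET from the same client
    inside WINDOW, otherwise "probe".
    """
    last_get = {}
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        path = m["target"].split("?", 1)[0]  # ignore any query string
        if path.lower() != CONSOLE_PATH.lower():
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        ip, method = m["ip"], m["method"]
        severity = "probe"
        if method == "GET":
            last_get[ip] = ts
        elif method == "POST" and ip in last_get and ts - last_get[ip] <= WINDOW:
            severity = "exchange"
        findings.append((ip, method, int(m["status"]), severity))
    return findings

# Constructed sample lines using documentation address ranges, not real traffic.
SAMPLE = [
    '198.51.100.7 - - [12/Mar/2024:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '203.0.113.9 - - [12/Mar/2024:10:00:05 +0000] "GET /tools/ajax/ConsoleResult.html?t=1 HTTP/1.1" 200 64',
    '203.0.113.9 - - [12/Mar/2024:10:00:06 +0000] "POST /tools/ajax/ConsoleResult.html HTTP/1.1" 200 900',
    '198.51.100.7 - - [12/Mar/2024:11:30:00 +0000] "POST /tools/ajax/ConsoleResult.html HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for finding in find_console_access(SAMPLE):
        print(finding)
```

Any hit on this path from outside the management network deserves review; an "exchange" finding with a 200 status is the highest-priority case.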

If malicious actors exploit this vulnerability, they could gain full control of the affected systems, execute arbitrary code, and access sensitive data. Exploitation may lead to unauthorized access to critical building systems and the misappropriation of resources. System operations could be disrupted, potentially affecting HVAC, lighting, and security systems in smart buildings. The broad access may allow attackers to install unwanted programs or create additional backdoors that entrench their unauthorized access. Furthermore, exploitation can result in the manipulation of energy management settings, leading to increased operational costs and energy wastage. The privacy of building occupants might also be compromised.
