Message-ID: <47EA8C36.8040706@simplistix.co.uk>
Date: Wed, 26 Mar 2008 17:47:34 +0000
From: Chris Withers <chris@...plistix.co.uk>
To: "Steven M. Christey" <coley@...re.org>
Cc: bugtraq@...urityfocus.com
Subject: Re: hacking the mitsubishi GB-50A

Steven M. Christey wrote:
> However, if all dip switches are off, the unit can defer to
> configuration as provided via an "Initial Setting Web".

Yeah, I had no idea what this meant either. Same goes for Mitsubishi's 
UK tech support...

> be used to set the IP address (page 13).  There is no statement that
> the tool restricts which address can be set, nor is there a
> recommendation that only local addresses should be used.

Indeed.

> It doesn't seem like much of a stretch that an admin might want to
> modify the address to something other than private addresses.  Whether
> the Initial Setting Web will allow this is another question, but if
> so, then the scope of attack widens considerably.

Yep. I think the manual should really say "this device should be 
connected directly to the ethernet socket of a computer, and that 
computer should have locked down software to prevent unauthorised people 
bypassing the security on the GB-50A".

I find it slightly scary that someone might have one of these on a 
network that controls something like data centre aircon, and that an 
attacker can scan for it trivially (what answers on port 80 with a 200 
to a GET for /en/administrator.html) and turn off all the aircon in the 
data centre...

cheers,

Chris

-- 
Simplistix - Content Management, Zope & Python Consulting
            - http://www.simplistix.co.uk
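
A defensive check for the exposure described in the message above, as an added example that is not part of the original post: it reads web-sensor log lines and reports any source other than the designated management workstation that requested /en/administrator.html, marking sources that asked several hosts for it. The log format, the addresses and the function name are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in a hypothetical sensor format:
# "<time> <src_ip> <dst_ip>:<port> <method> <path> <status>"
SAMPLE_LOG = """\
2008-03-26T09:00:01 10.0.1.5 10.0.9.10:80 GET /en/administrator.html 200
2008-03-26T17:40:10 10.0.7.77 10.0.9.10:80 GET /en/administrator.html 200
2008-03-26T17:40:11 10.0.7.77 10.0.9.11:80 GET /en/administrator.html 404
2008-03-26T17:40:12 10.0.7.77 10.0.9.12:80 GET /en/administrator.html 404
2008-03-26T17:45:00 10.0.3.40 10.0.9.10:80 GET /index.html 200
2008-03-26T17:45:03 10.0.3.40 10.0.9.10:80 GET /en/administrator.html 200
"""

ADMIN_PATH = "/en/administrator.html"  # path named in the message
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+):(\d+) (\S+) (\S+) (\d{3})$")


def audit_admin_page_access(log_text, allowed_sources=frozenset(), min_targets=3):
    """Report every non-allowed source that requested the admin page.

    'sweep' is True when one source asked min_targets or more distinct hosts
    for the page, which is what scanning for the device looks like on the wire.
    """
    probed = defaultdict(set)    # src -> hosts asked for the admin page
    answered = defaultdict(set)  # src -> hosts that returned 200 on port 80
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not in the assumed format
        _ts, src, dst, port, method, path, status = m.groups()
        if method != "GET" or path.split("?", 1)[0] != ADMIN_PATH:
            continue
        if src in allowed_sources:
            continue  # the designated management workstation
        probed[src].add(dst)
        if port == "80" and status == "200":
            answered[src].add(dst)
    return {
        src: {
            "probed": sorted(hosts),
            "answered_200": sorted(answered[src]),
            "sweep": len(hosts) >= min_targets,
        }
        for src, hosts in probed.items()
    }


if __name__ == "__main__":
    for src, info in audit_admin_page_access(SAMPLE_LOG, {"10.0.1.5"}).items():
        print(src, info)
```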
