lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list] 
Date: Fri, 10 Nov 2023 07:12:31 +0000
From: Phos4Me via Fulldisclosure <fulldisclosure@...lists.org>
To: "fulldisclosure@...lists.org" <fulldisclosure@...lists.org>
Subject: [FD]  Senec Inverters Home V1, V2,
	V3 Home & Hybrid Publicly Accessible Default Credentials-
	CVE-2023-39170

> > Advisory ID: Ph0s-2023-004
> > Product: EnBw - SENEC legacy storage box: V1-V3
> > Manufacturer: SENEC - a part of EnBw
> > Affected Version(s): Firmware: all (as of 2023-06-19)
> > Tested Version(s): current
> > Vulnerability Type: CWE-1392: Use of Default Credentials
> > 

> > Risk Level:
> > CVSS v3.1 Vector:
> > AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (9.8 Critical)
> > 

> > Manufacturer Risk Level Rating:
> > AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L/E:H/RL:U/RC:C
> > Overall CVSS Score: 8.6
> > 

> > Solution Status: Fixed
> > Manufacturer Notification: 2023-06-05
> > Public Disclosure: 2023-11-01
> > CVE Reference: CVE-2023-39170
> > Author of Advisory: Ph0s[4], R0ckE7
> > 

> > ********************************************************************************
> > 

> > Overview:
> > Foreword:
> > This vulnerability was reported to the enbw-cert. we would like to
> > thank enbw-cert for taking care of the vulns and patch the systems.
> > we decided to publish when most of the reported vulns are patched
> > to make sure nobody is harmed when 3rdparys exploit the mentioned vulns.
> > 

> > About Senec:
> > We are SENEC
> > 

> > We have been the EnBW energy independence experts since 2018 – but we have
> > put our heart and soul into guiding customers on the route to independence
> > since SENEC was founded in 2009. Our passion lies in actively promoting the
> > energy transition with innovative ideas and pioneering products. And,
> > because we don’t do things by halves, our unwavering ambition is to create
> > integrated solutions that enable you to enjoy the highest possible degree
> > of independence and sustainability through self-generation of solar
> > electricity.
> > 

> > About SENEC Home:
> > 

> > SENEC.Home: The smart electricity storage device for your home
> > 

> > SENEC.Home is the heart of the your sustainable, affordable supply of solar
> > electricity. The smart battery storage device stores excess electricity
> > generated by your PV system so that you can use it when you need it – such as
> > when your household’s energy consumption rises in the evening, or on rainy days
> > when your PV system generates less power.
> > 

> > ********************************************************************************
> > 

> > Vulnerability Details:
> > 

> > The credentials for the senec inverters are known in public.
> > 

> > ********************************************************************************
> > 

> > Proof of Concept (PoC):
> > 

> > The attack consists of the following steps:
> > 

> > 1. use google to optain them, eg:
> > https://www.photovoltaikforum.com/thread/206930-senec-v3-hybrid-zugangsdaten/
> > 

> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > 

> > Solution:
> > Patched by Manufacturer
> > (Rolled out until September 11, 2023)
> > 

> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > 

> > Disclosure Timeline:
> > 

> > 2022-06-01: Vulnerability discovered
> > 2023-06-05: Vulnerability reported to manufacturer
> > 2023-09-11: Patch rollout by manufacturer to affected devices
> > 2023-11-01: Public disclosure of vulnerability
> > 

> > ************************************************************************
> > 

> > Researcher:
> > Ph0s[4], R0ckE7
> > 

> > ************************************************************************
> > 

> > Disclaimer:
> > 

> > The information provided in this security advisory is provided "as is"
> > and without warranty of any kind. Details of this security advisory may
> > be updated in order to provide as accurate information as possible.
> > 

> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > 

> > Copyright:
> > 

> > Creative Commons - Attribution (by) - Version 4.0
> > URL: https://creativecommons.org/licenses/by/4.0/deed.en
> > _______________________________________________
> > Sent through the Full Disclosure mailing list
> > https://nmap.org/mailman/listinfo/fulldisclosure
> > Web Archives & RSS: https://seclists.org/fulldisclosure/
Download attachment "publickey - Phos4Me@...ton.me - 0x3F4F673D.asc" of type "application/pgp-keys" (641 bytes)

Download attachment "signature.asc" of type "application/pgp-signature" (250 bytes)

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/

Powered by blists - more mailing lists