ADVISORIES | March 23, 2020

GE Reason S20 Industrial Managed Ethernet Switch Multiple Vulnerabilities

The S20 Ethernet Switch is a device manufactured by GE Grid Solution which is deployed in industrial environments. This device is part of ICS/SCADA architectures.

Stored XSS flaws can result in a large number of possible exploitation scenarios. With most XSS flaws, the entirety of the JavaScript language is available to the malicious user.

ADVISORIES | October 24, 2019

Buffer Overflow, Cross-Site Scripting / Request Forgery, URI Injection, Insecure SSH Key Exchange in Antaira LMX-0800AG

(eight advisories in document) Antaira’s firmware version 3.0 for the LMX-0800AG switch (among other supported devices) is affected by a memory corruption vulnerability when processing cookies. An unauthenticated attacker could leverage the vulnerability to take full control over the switch.

It is also affected by a memory corruption vulnerability when processing ioIndex GET parameter values. An attacker with valid credentials for the web interface could leverage the vulnerability to take full control of the switch.

Antaira’s firmware version 3.0 for the LMX-0800AG switch (among other supported devices) is affected by a reflected cross-site scripting (XSS) vulnerability when accessing non-existent paths. An attacker could trick an operator into opening a booby-trapped link and exfiltrate the operator’s credentials or perform actions without the operator’s consent.

It is also affected by multiple cross-site request forgery (CSRF) vulnerabilities. An attacker could trick an operator into visiting a malicious page that performs actions on behalf of the victim without the victim’s knowledge or consent. The attacker could, for instance, change the settings of the switch or create a rogue user with admin privileges.

Antaira’s firmware version 3.0 for the LMX-0800AG switch (among other supported devices) insecurely parses the System Property field from incoming Link Layer Discovery Protocol (LLDP) packets. An attacker on an adjacent network could send malicious LLDP packets that inject arbitrary clickable links into the web interface’s LLDP neighbors page, which could lead to various social engineering ruses.

It also supports weak SSH key exchange methods and ciphers. An attacker could leverage these weaknesses to potentially decrypt traffic or place a rogue computer between the device and the operator.

Antaira’s firmware version 3.0 for the LMX-0800AG switch (among other supported devices) insecurely stores passwords on the device. The passwords are stored base64-encoded, which can be trivially decoded by an attacker with access to the configuration.

Antaira’s firmware version 3.0 for the LMX-0800AG switch (among other supported devices) discloses sensitive information (e.g. stack traces) in the serial console. An attacker with physical access to the device could leverage the information to help discover and develop exploits.

ADVISORIES | August 31, 2019

Reflected Cross-site Scripting in Microsoft Power BI

The application is vulnerable to reflected cross-site scripting (XSS). The requested data, which contains JavaScript code, is reflected in the response. Attackers could trick users into following a link or navigating to a page that posts a malicious JavaScript statement to the vulnerable site, causing the malicious JavaScript to be rendered by the site and executed by the victim client. The JavaScript code could be used for several purposes, including stealing user cookies or as a second step to hijacking a user’s session. Another attack plan could include the possibility of inserting HTML instead of JavaScript to change or modify the contents of the vulnerable page, which could be used to trick the client.