CVE-2013-7248 - Credentials Management vulnerability in Franklinfueling Ts-550 EVO and Ts-550 EVO Firmware
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | COMPLETE |
Integrity impact | COMPLETE |
Availability impact | COMPLETE |
Summary
Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 has a hardcoded password for the roleDiag account, which allows remote attackers to gain root privileges, as demonstrated using a cmdWebCheckRole action in a TSA_REQUEST.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | | 2 |
Hardware | | 1 |
Common Weakness Enumeration (CWE)
Exploit-Db
description | Franklin Fueling TS-550 evo 2.0.0.6833 - Multiple Vulnerabilities. CVE-2013-7247,CVE-2013-7248. Webapps exploit for hardware platform |
id | EDB-ID:31180 |
last seen | 2016-02-03 |
modified | 2014-01-24 |
published | 2014-01-24 |
reporter | Trustwave's SpiderLabs |
source | https://www.exploit-db.com/download/31180/ |
title | Franklin Fueling TS-550 evo 2.0.0.6833 - Multiple Vulnerabilities |
Packetstorm
data source | https://packetstormsecurity.com/files/download/124873/TWSL2014-001.txt |
id | PACKETSTORM:124873 |
last seen | 2016-12-05 |
published | 2014-01-21 |
reporter | Matthew Jakubowski |
source | https://packetstormsecurity.com/files/124873/Franklin-Fuelings-T550-Evo-Access-Control-Credentials.html |
title | Franklin Fueling's T550 Evo Access Control / Credentials |
Seebug
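bulletinFamily | exploit |
description | No description provided by source. |
id | SSV:84525 |
last seen | 2017-11-19 |
modified | 2014-07-01 |
published | 2014-07-01 |
reporter | Root |
source | https://www.seebug.org/vuldb/ssvid-84525 |
title | Franklin Fueling TS-550 evo 2.0.0.6833 - Multiple Vulnerabilities |

bulletinFamily | exploit |
description | Bugtraq ID: 65041. CVE ID: CVE-2013-7248. Franklin Fueling Systems TS-550 evo is a fuel management system from the US company Franklin Fueling Systems. It provides full control of fuel management through a tank monitoring system, and offers an alarm page with color-coded notifications and detailed labelled descriptions so that alarm content can be obtained quickly. A security vulnerability exists in Franklin Fueling Systems TS-550 evo with firmware versions 2.0.0.6833 and 2.3.1.7492. The vulnerability stems from the program using a hardcoded password for the roleDiag account. A remote attacker can exploit it to gain root privileges and take full control of the device. Affected: Franklin Fueling Systems TS-550 evo device firmware 2.0.0.6833 and 2.3.1.7492. Vendor patch: Franklin Fueling Systems. The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page: http://www.franklinfueling.com/evo/ |
id | SSV:61386 |
last seen | 2017-11-19 |
modified | 2014-02-07 |
published | 2014-02-07 |
reporter | Root |
source | https://www.seebug.org/vuldb/ssvid-61386 |
title | Franklin Fueling Systems TS-550 evo 'tsaws.cgi' Security Bypass Vulnerability |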