CVE-2013-7248 - Credentials Management vulnerability in Franklinfueling Ts-550 EVO and Ts-550 EVO Firmware

CVSS 10.0 - CRITICAL
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE
Tags: network, low complexity, franklinfueling, CWE-255, critical, exploit available

Summary

Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 has a hardcoded password for the roleDiag account, which allows remote attackers to gain root privileges, as demonstrated using a cmdWebCheckRole action in a TSA_REQUEST.

Common Weakness Enumeration (CWE)

Exploit-Db

description: Franklin Fueling TS-550 evo 2.0.0.6833 - Multiple Vulnerabilities. CVE-2013-7247, CVE-2013-7248. Webapps exploit for hardware platform
id: EDB-ID:31180
last seen: 2016-02-03
modified: 2014-01-24
published: 2014-01-24
reporter: Trustwave's SpiderLabs
source: https://www.exploit-db.com/download/31180/
title: Franklin Fueling TS-550 evo 2.0.0.6833 - Multiple Vulnerabilities

Packetstorm

data source: https://packetstormsecurity.com/files/download/124873/TWSL2014-001.txt
id: PACKETSTORM:124873
last seen: 2016-12-05
published: 2014-01-21
reporter: Matthew Jakubowski
source: https://packetstormsecurity.com/files/124873/Franklin-Fuelings-T550-Evo-Access-Control-Credentials.html
title: Franklin Fueling's T550 Evo Access Control / Credentials

Seebug

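  • bulletinFamily: exploit
    description: No description provided by source.
    id: SSV:84525
    last seen: 2017-11-19
    modified: 2014-07-01
    published: 2014-07-01
    reporter: Root
    source: https://www.seebug.org/vuldb/ssvid-84525
    title: Franklin Fueling TS-550 evo 2.0.0.6833 - Multiple Vulnerabilities
  • bulletinFamily: exploit
    description: Bugtraq ID: 65041. CVE ID: CVE-2013-7248. Franklin Fueling Systems TS-550 evo is a fuel management system from the US company Franklin Fueling Systems. It provides full control of fuel management through a tank monitoring system, and offers an alarm page with colour notifications and detailed identification descriptions so that alarm content can be obtained quickly. A security vulnerability exists in Franklin Fueling Systems TS-550 evo running firmware versions 2.0.0.6833 and 2.3.1.7492; it stems from the program using a hardcoded password for the roleDiag account. A remote attacker can exploit it to gain root privileges and take full control of the device. Affected: Franklin Fueling Systems TS-550 evo device Firmware 2.0.0.6833 and 2.3.1.7492. Vendor patch: Franklin Fueling Systems. The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page: http://www.franklinfueling.com/evo/
    id: SSV:61386
    last seen: 2017-11-19
    modified: 2014-02-07
    published: 2014-02-07
    reporter: Root
    source: https://www.seebug.org/vuldb/ssvid-61386
    title: Franklin Fueling Systems TS-550 evo 'tsaws.cgi' Security Bypass Vulnerability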