Samsung Data Management Server < 1.4.3 verifyUser Method SQL Injection

Severity: High | Nessus Plugin ID 53877

Synopsis

The remote web server is prone to a SQL injection attack.

Description

The remote web server is the embedded web server of a Samsung Integrated Management System DMS (Data Management Server), an embedded hardware device used to manage a large number of air conditioning units.

According to its self-reported version, this web server is running a version earlier than 1.4.3. Such versions are reportedly affected by a SQL injection vulnerability because the software fails to sanitize input from the username and password fields of the login page before using it in a database query in the 'verifyUser()' method of the LoginManager class.

An unauthenticated remote attacker can leverage this issue to manipulate database queries and, for example, bypass authentication and gain administrative access to the device.
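To illustrate the class of defect described above, the following is an added Python sketch (not the DMS code; the device's language, schema and query text are not given on this page) of a login check that splices the username and password straight into SQL, placed beside a parameterized version that treats the same input purely as data. The table, column names, credentials and test input are constructed for the example.

```python
import sqlite3

# Constructed demo schema; the real DMS schema is not described on this page.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 'correct-horse', 'administrator')")
    conn.commit()
    return conn

def build_unsafe_query(username: str, password: str) -> str:
    """Query built the way the advisory describes: login-form input is pasted
    into the SQL text, so a quote in the input changes the statement's structure."""
    return ("SELECT role FROM users WHERE username = '" + username +
            "' AND password = '" + password + "'")

def verify_user_unsafe(conn: sqlite3.Connection, username: str, password: str):
    """Vulnerable form (hypothetical stand-in for the unpatched verifyUser)."""
    row = conn.execute(build_unsafe_query(username, password)).fetchone()
    return row[0] if row else None

def verify_user_safe(conn: sqlite3.Connection, username: str, password: str):
    """Hardened form: bound parameters keep the input as data, never as SQL,
    so the password check cannot be commented out or short-circuited."""
    row = conn.execute(
        "SELECT role FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None

# Constructed test input: a quote that closes the username literal followed by
# a SQL line comment, which discards the password clause in the unsafe query.
TAUTOLOGY_USER = "admin'--"

if __name__ == "__main__":
    conn = make_db()
    print(verify_user_unsafe(conn, TAUTOLOGY_USER, "wrong"))  # administrator
    print(verify_user_safe(conn, TAUTOLOGY_USER, "wrong"))    # None
    print(verify_user_safe(conn, "admin", "correct-horse"))   # administrator
```

In a code review or detection rule, the signal is the concatenated query string itself: any login path whose SQL text contains the raw form fields is the pattern the fix removes.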

Solution

Upgrade DMS to 1.4.3 or later.

See Also

http://www.nessus.org/u?7410165c

http://www.nessus.org/u?c0842762

Plugin Details

Severity: High

ID: 53877

File Name: scada_samsung_dms_1_4_3.nbin

Version: 1.85

Type: remote

Family: SCADA

Published: 5/11/2011

Updated: 7/17/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/9/2011

Vulnerability Publication Date: 5/9/2011

Reference Information

CVE: CVE-2010-4284

BID: 47726

CERT: 236668

ICS-ALERT: 11-069-01