TippingPoint Zero Day Initiative
 

(0Day) ABB DataManagerPro File Permissions Privilege Escalation Vulnerability

ZDI-16-479: August 17th, 2016

CVSS Score

Affected Vendors

Affected Products

    DataManagerPro

Vulnerability Details


This vulnerability allows attackers to escalate their privilege to system administrator on vulnerable installations of ABB DataManagerPro. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

The specific flaw exists within the file permissions set during product installation. The World account is set to have full rights to the directory that contains the binaries that are executed by system administrators. File substitution would then allow a standard user on the system to replace code that is subsequently run by a system administrator.

Vendor Response

ABB states:


This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 120 day deadline.

01/13/2016 - ZDI disclosed the report for this vendor to ICS-CERT
01/19/2016 - ICS-CERT acknowledged the report and provided a tracking number
05/31/2016 - ZDI requested an update
06/01/2016 - ICS-CERT advised ZDI that the timeline for introduction of the fix was June/July
06/02/2016 - ZDI asked if the vendor could bring the release date in slightly
08/09/2016 - ZDI notified ICS-CERT of the intention to disclose the reports as 0-day the next week

-- Mitigation:
Given the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the service to trusted users.


Disclosure Timeline

    2016-01-13 - Vulnerability reported to vendor
    2016-08-17 - Coordinated public release of advisory

Credit

This vulnerability was discovered by:
    rgod