DSA-2023-08-01

Advisory Information

Advisory ID: DSA-2023-08-01

• CVE numbers and CVSS scores
  • CVE-2023-25913
    Base Score: 7.5 (HIGH)
  • CVE-2023-25914
    Base Score:7.5 (HIGH)
  • CVE-2023-25915
    Base Score: 9.8 (CRITICAL)

Summary

Multiple vulnerabilities related to insufficient restrications and input santization exist in the Danfoss AK-SM800A. These vulnerabilities should be considered serious and could lead to the full compromise of the system. Install the latest patch with number 3.3 to remediate these vulnerabilities.

Affected products and services

• Danfoss AK-SM 800A all Series with SW version below/before 3.3

Vulnerability description

CVE-2023-25913 - AUTHENTICATION BYPASS IN DANFOSS AK-SM800A
Because of an authentication flaw an attacker would be capable of generating a web report that discloses sensitive information such as internal IP addresses, usernames, store names and other sensitive information.
Problem Type: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

CVE-2023-25914 - PATH TRAVERSAL IN DANFOSS AK-SM800A
Due to improper restriction, attackers could retrieve and read system files of the underlying server through the XML interface.
Problem type(s): CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2023-25915 - REMOTE COMMAND EXECUTION IN DANFOSS AK-SM800A
Due to improper input validation, a remote attacker could execute arbitrary commands on the target system.
Problem type(s): CWE-20 Improper Input Validation

Remediations

• Install the latest software version through AK-SM 800A Series | Danfoss.

Mitigations

• N/A

Credits (if opted in)

• Jony Schats (HackDefense)
• Stan Plasmeijer (HackDefense)
• Synacktiv
• Max van der Horst (Dutch Institute for Vulnerability Disclosure)

Other reference

• https://csirt.divd.nl/cases/DIVD-2023-00025/
• https://www.danfoss.com/en/service-and-support/downloads/dcs/adap-kool-software/ak-sm-800a/#tab-overview

Update log

• 21 Aug, 2023: Publication