Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: hacking the mitsubishi GB-50A

from [Chris Withers] Network Security [Permanent Link]
Subject: Re: hacking the mitsubishi GB-50A
Date: Wed, 26 Mar 2008 17:47:34 +0000
Steven M. Christey wrote: 
However, if all dip switches are off, the unit can defer to
configuration as provided via an "Initial Setting Web".

Yeah, I had no idea what this meant either. Same goes for Mitsubishi's UK tech support...

be used to set the IP address (page 13).  There is no statement that
the tool restricts which address can be set, nor is there a
recommendation that only local addresses should be used.


Indeed.

It doesn't seem like much of a stretch that an admin might want to
modify the address to something other than private addresses.  Whether
the Initial Setting Web will allow this is another question, but if
so, then the scope of attack widens considerably.

Yep. I think the manual should really say "this device should be connected directly to the ethernet socket of a computer, and that computer should have locked down software to prevent unauthorised people bypassing the security on the GB-50A".

I find it slightly scary that someone might have one of these on a network that controls something like data centre aircon, and that an attacker can scan for it trivially (what answers on port 80 with a 200 to a GET for /en/administrator.html) and turn off all the aircon in the data centre...

cheers,

Chris

--
Simplistix - Content Management, Zope & Python Consulting
           - http://www.simplistix.co.uk

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Invision Power Board <=2.3.x iFrame Vuln, shaheemirza
Next by Date:  [Full-disclosure] Multiple vulnerabilities in solidDB 06.00.1018, Luigi Auriemma
Previous by Thread:  Re: hacking the mitsubishi GB-50A, Steven M. Christey
Next by Thread:  phpAddressBook v2.11 Multiple Local File Inclusion Vulnerabilities, Guns
Indexes:  [Date] [Thread] [Top] [All Lists]