Samsung Data Management Server < 1.4.3 verifyUser Method SQL Injection

This script is Copyright (C) 2011-2012 Tenable Network Security, Inc.


Synopsis :

The remote web server is prone to a SQL injection attack.

Description :

The remote web server is the embedded web server of a Samsung
Integrated Management System DMS (Data Management Server), an embedded
hardware appliance used to manage a large number of air conditioning
units.

According to its self-reported version, the version of this web server
is earlier than 1.4.3. Such versions are reportedly affected by a SQL
injection vulnerability because the 'verifyUser()' method of the
LoginManager class builds a database query from the username and
password fields of the login page without first sanitizing that input.

An unauthenticated remote attacker can leverage this issue to
manipulate database queries and, for example, bypass authentication
and gain administrative access to the device.
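The following is an added illustration of the flaw class described above, not code from the DMS firmware, from Samsung, or from Tenable. It models a login check that concatenates the username and password fields into a SQL string, next to the same check written with bound parameters, and runs both against an in-memory SQLite table of constructed sample accounts. The table name, column names, the plaintext password storage and the function names are assumptions made for the demonstration; the real 'verifyUser()' method is not reproduced. The '--' comment trick relies on the database treating '--' as a line comment, which SQLite does; other engines may need a different payload.

```python
import sqlite3

# Constructed sample data for the demonstration only.
SAMPLE_USERS = [
    ("admin", "S3cret!", "administrator"),
    ("operator", "opPass", "operator"),
]


def make_db():
    """Create an in-memory SQLite database with the constructed accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def verify_user_vulnerable(conn, username, password):
    """Login check in the style the advisory describes: user input is pasted
    straight into the SQL text, so quote characters and comment markers in
    the username or password change the meaning of the WHERE clause."""
    sql = (
        "SELECT username, role FROM users WHERE username = '"
        + username
        + "' AND password = '"
        + password
        + "'"
    )
    return conn.execute(sql).fetchone()  # (username, role) or None


def verify_user_fixed(conn, username, password):
    """Same check with bound parameters: the driver sends the values
    separately from the statement, so they are only ever compared as data
    and cannot terminate the string literal or add SQL syntax."""
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()


def bypass_results(conn):
    """Run a legitimate login and two classic bypass payloads through both
    versions and report which ones return a row without the real password."""
    attempts = {
        "legit": ("admin", "S3cret!"),
        # Closes the username literal and comments out the password check.
        "comment": ("admin' -- ", "wrong"),
        # Makes the WHERE clause true for every row; fetchone() yields the first.
        "tautology": ("' OR '1'='1", "' OR '1'='1"),
    }
    report = {}
    for name, (user, pw) in attempts.items():
        report[name] = {
            "vulnerable": verify_user_vulnerable(conn, user, pw),
            "fixed": verify_user_fixed(conn, user, pw),
        }
    return report


if __name__ == "__main__":
    for name, outcome in bypass_results(make_db()).items():
        print(f"{name:10s} vulnerable={outcome['vulnerable']} fixed={outcome['fixed']}")
```

In the vulnerable version both malicious payloads come back with the administrator row because the first account in the table is 'admin', which is exactly the authentication bypass the advisory describes; the parameterized version returns a row only for the correct credentials.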

See also :

http://www.nessus.org/u?7410165c
http://www.nessus.org/u?c0842762

Solution :

Upgrade DMS to 1.4.3 or later.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.2
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: SCADA

Nessus Plugin ID: 53877

Bugtraq ID: 47726

CVE ID: CVE-2010-4284