Insufficient restrictions and input sanitization exist in Danfoss AK-SM 800A, potentially leading to full system compromise
Advisory Information
Advisory ID: DSA-2023-08-01
CVE numbers and CVSS scores:
- CVE-2023-25913 - Base Score: 7.5 (HIGH)
- CVE-2023-25914 - Base Score: 7.5 (HIGH)
- CVE-2023-25915 - Base Score: 9.8 (CRITICAL)
Summary
Multiple vulnerabilities related to insufficient restrictions and input sanitization exist in the Danfoss AK-SM 800A. These vulnerabilities should be considered serious and could lead to the full compromise of the system. Install the latest software version, 3.3, to remediate these vulnerabilities.
Affected products and services
- Danfoss AK-SM 800A, all series, with software version before 3.3
Vulnerability description
CVE-2023-25913 - AUTHENTICATION BYPASS IN DANFOSS AK-SM800A
Because of an authentication flaw, an attacker would be capable of generating a web report that discloses sensitive information such as internal IP addresses, usernames, store names and other sensitive data.
Problem Type: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-25914 - PATH TRAVERSAL IN DANFOSS AK-SM800A
Due to improper restriction, attackers could retrieve and read system files of the underlying server through the XML interface.
Problem type(s): CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
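As an added defensive illustration of the CWE-22 class described above (this is not Danfoss's code; the export directory, the single-decode step and the request parameter are hypothetical), the helper below canonicalizes a requested file path and refuses anything that resolves outside the allowed directory:

```python
import os
from pathlib import Path
from typing import Optional
from urllib.parse import unquote

# Hypothetical directory that a file-retrieval interface is allowed to serve.
EXPORT_ROOT = Path("/var/export")


def resolve_export_path(requested: str, root: Path = EXPORT_ROOT) -> Optional[Path]:
    """Return the canonical path for `requested` if it stays inside `root`,
    otherwise None.

    Rejects empty input, embedded NUL bytes, '..' segments that escape the
    root (including percent-encoded ones, decoded once), and symlinks that
    point outside the root. Absolute requests are treated as root-relative.
    """
    if not requested or "\x00" in requested:
        return None
    decoded = unquote(requested)  # one decode; caller should not pre-decode
    if "\x00" in decoded:
        return None
    # Never honour an absolute path: strip leading separators so the request
    # is always interpreted relative to the allowed root.
    candidate = root / decoded.lstrip("/\\")
    # realpath collapses '..' and follows symlinks for existing components,
    # so comparing against the canonical root defeats symlink escapes too.
    root_real = Path(os.path.realpath(root))
    cand_real = Path(os.path.realpath(candidate))
    try:
        cand_real.relative_to(root_real)
    except ValueError:
        return None  # resolved outside the allowed directory
    return cand_real
```

The caller opens only the returned path, never the raw request string; on a system where the root is itself a symlink the comparison still holds because both sides are canonicalized.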
CVE-2023-25915 - REMOTE COMMAND EXECUTION IN DANFOSS AK-SM800A
Due to improper input validation, a remote attacker could execute arbitrary commands on the target system.
Problem type(s): CWE-20 Improper Input Validation
Remediations
- Install the latest software version (V3.3 or higher), available from the AK-SM 800A Series download page at Danfoss.
Mitigations
- N/A
Credits (if opted in)
- Jony Schats (HackDefense)
- Stan Plasmeijer (HackDefense)
- Synacktiv
- Max van der Horst (Dutch Institute for Vulnerability Disclosure)
Other references
- https://csirt.divd.nl/cases/DIVD-2023-00025/
- https://www.danfoss.com/en/service-and-support/downloads/dcs/adap-kool-software/ak-sm-800a/#tab-overview
Update log
- 21 Aug, 2023: Publication