MINOVA TTA Information Disclosure Vulnerability via Unprotected Debug Port

A vulnerability in MINOVA TTA automation software allows for the unauthorized disclosure of FTP credentials over an unprotected debug port (TCP 1604). This vulnerability affects all versions prior to 11.17.0. The exposed credentials grant unauthenticated remote access to active FTP accounts, which can be exploited to access sensitive internal data and import structures. In environments where this FTP server is integrated into automated business processes, such as EDI or data integration, the vulnerability could lead to data manipulation, extraction, or misuse. Additionally, other debug ports (1602, 1603, and 1636) expose service architecture information and system activity logs, further increasing the risk.

Impact

Exploitation of this vulnerability allows for unauthorized access to FTP accounts, with full access to sensitive directories containing internal data and import structures. This could disrupt automated business processes and violate compliance requirements. The vulnerability also exposes service architecture information and system activity logs, which could be leveraged for further attacks.

Reproduction

The vulnerability can be reproduced by scanning the target network for open ports. Once the unprotected debug port 1604 is identified, it can be accessed directly, revealing FTP credentials in plaintext. These credentials can then be used to log into the FTP server, accessing sensitive directories and data.

Remediation

Users are advised to update to MINOVA TTA version 11.18.0 or later, as this version addresses the vulnerability. A dedicated update of the MINOVA TTA module 'ch.minova.nservice' from the vendor is also strongly recommended. In the meantime, FTP passwords should be changed and the exposed debug ports should be blocked at the perimeter firewall and on host-based firewalls of affected MINOVA TTA systems.