Novakon P Series Improper Privilege Management Vulnerability Allowing Root Access
Vulnerability
A vulnerability in the Novakon P Series HMI devices, specifically version P – V2001.A.C518o2, allows attackers to gain root privileges through improper privilege management. Many processes on the device run with elevated privileges, so compromising any one service yields root access and the overall attack surface is correspondingly large. The weakness is exploitable in combination with other identified issues, such as an unauthenticated buffer overflow in a UDP service that allows remote code execution as root.
Impact
Exploitation of this vulnerability could lead to full compromise of the device, with an attacker gaining root access and the ability to execute arbitrary commands or manipulate system files and configurations.
Reproduction
The vulnerability can be reproduced by exploiting the unauthenticated buffer overflow in the PSeriesbiosinterface service, which listens on UDP port 60681: a crafted UDP packet overwrites the return address with a payload that spawns a telnet server on the device. Once the telnet server is running, an attacker can log in as root without a password, because no password is configured for the root account.
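The two conditions the advisory relies on are auditable on a device image or a running host: network-facing processes owned by UID 0 (so that one compromised service is already root) and a root account whose shadow password field is empty. The following audit script is an added example written for this page, not Novakon code or a tool referenced by the advisory; the /etc/shadow excerpt, the socket inventory and the baseline allowlist are constructed sample data, and only the PSeriesbiosinterface name and UDP port 60681 are taken from the text above. It also flags listeners absent from a baseline, which is how an unexpected telnet service like the one described in the reproduction would surface in monitoring.

```python
"""Host audit for the weaknesses described in the advisory: root-owned
network services and a passwordless root account. All input is
constructed sample data, not captured from a Novakon device."""

from dataclasses import dataclass
from typing import Iterable, List, Set, Tuple


@dataclass(frozen=True)
class Listener:
    """One listening socket: protocol, port, owning UID and process name."""
    proto: str
    port: int
    uid: int
    comm: str


# Constructed /etc/shadow excerpt. The second field is the password hash:
# empty = no password required, "*" or "!" = locked, anything else = a hash.
SHADOW_SAMPLE = """\
root::19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
operator:!:19000:0:99999:7:::
hmi:$6$c0nstructed$notarealhash:19000:0:99999:7:::
"""

# Constructed socket inventory (what an `ss -lntup -e` listing reduces to).
# The UDP/60681 service name and port come from the advisory; the other
# entries are made up to exercise the checks.
LISTENER_SAMPLE = [
    Listener("udp", 60681, 0, "PSeriesbiosinterface"),
    Listener("tcp", 80, 33, "httpd"),
    Listener("tcp", 22, 0, "dropbear"),
    Listener("tcp", 23, 0, "telnetd"),   # deliberately not in the baseline
]

# Hypothetical baseline of sockets expected on a healthy device.
BASELINE_PORTS: Set[Tuple[str, int]] = {("udp", 60681), ("tcp", 80), ("tcp", 22)}


def passwordless_accounts(shadow_text: str) -> List[str]:
    """Accounts whose shadow password field is empty (login needs no password)."""
    hits = []
    for line in shadow_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 2:
            continue  # malformed entry: skip rather than guess
        name, pw_field = fields[0], fields[1]
        if pw_field == "":
            hits.append(name)
    return hits


def root_listeners(listeners: Iterable[Listener]) -> List[Listener]:
    """Network-facing processes running as UID 0; each is a direct path to root."""
    return [sock for sock in listeners if sock.uid == 0]


def unexpected_listeners(listeners: Iterable[Listener],
                         baseline: Set[Tuple[str, int]]) -> List[Listener]:
    """Sockets absent from the baseline, e.g. a telnetd that was not there before."""
    return [sock for sock in listeners if (sock.proto, sock.port) not in baseline]


def audit(shadow_text: str, listeners: Iterable[Listener],
          baseline: Set[Tuple[str, int]]) -> List[str]:
    """Collect human-readable findings; an empty list means nothing was flagged."""
    listeners = list(listeners)
    findings = []
    for name in passwordless_accounts(shadow_text):
        findings.append(f"account '{name}' has an empty password field")
    for sock in root_listeners(listeners):
        findings.append(f"{sock.comm} listens on {sock.proto}/{sock.port} as root")
    for sock in unexpected_listeners(listeners, baseline):
        findings.append(f"{sock.comm} on {sock.proto}/{sock.port} is not in the baseline")
    return findings


if __name__ == "__main__":
    for finding in audit(SHADOW_SAMPLE, LISTENER_SAMPLE, BASELINE_PORTS):
        print("FINDING:", finding)
```

On a real device the shadow file and the socket inventory would be read from the filesystem and from `ss` or `/proc/net`, with the baseline taken from a known-good firmware image; the mitigation the findings point to is the same either way: set a root password or lock the account, and run network services under unprivileged accounts so a memory-corruption bug in one of them does not hand over the whole device.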