Admin panels for DEOS OPENview and OPEN500EMS (#4888)

* Admin panel discovery for: * DEOS OPENview * DEOS OPEN500EMS * Fix paths * Add check for login page of Sicom MGRNG
2022-07-21 11:39:58 -04:00 · 2022-07-21 11:39:58 -04:00 · a4c3496484
parent 2163eb14de
commit a4c3496484
3 changed files with 98 additions and 0 deletions
--- a/exposed-panels/deos-open500-admin.yaml
+++ b/exposed-panels/deos-open500-admin.yaml
@ -0,0 +1,37 @@
+id: deos-open500ems-panel
+
+info:
+  name: DEOS OPEN 500EMS Controller Admin Program Access
+  author: sullo
+  severity: high
+  description: |
+    The DEOS OPEN 500EMS controller exposes administrative functions without authentication.
+  reference:
+    - https://www.deos-ag.com/
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
+    cvss-score: 8.6
+    cwe-id: CWE-284
+  tags: openv500,disclosure,panel
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/cgi-bin/cosmobdf.cgi?function=0"
+      - "{{BaseURL}}/cgi-bin/cosmobdf.cgi?function=1"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        part: body
+        words:
+          - '<b>OPENview</b>'
+          - '/cgi-bin/cosmobdf.cgi?function=12'
+          - '/cgi-bin/cosmobdf.cgi?function=2'
+        condition: or
+
+# Enhanced by cs on 2022/07/22
--- a/exposed-panels/deos-openview-admin.yaml
+++ b/exposed-panels/deos-openview-admin.yaml
@ -0,0 +1,31 @@
+id: deos-openview-panel
+
+info:
+  name: DEOS OPENview Admin Panel Unauthenticated Access
+  author: sullo
+  severity: high
+  description: The DEOS OPENview administrative panel is accessible without authentication.
+  reference: https://www.deos-ag.com/
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
+    cvss-score: 8.6
+    cwe-id: CWE-284
+  tags: openview,disclosure,panel
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/client/index.html"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        part: body
+        words:
+          - '<title>OPENview</title>'
+
+# Enhanced by cs on 2022/07/22
--- a/exposed-panels/sicom-panel.yaml
+++ b/exposed-panels/sicom-panel.yaml
@ -0,0 +1,30 @@
+id: sicom-mgrng-login
+
+info:
+  name: Sicom MGRNG - Administrative Login Found
+  author: sullo
+  severity: low
+  description: |
+    Sicom MGRNG administrative login page found.
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
+    cvss-score: 3.7
+    cwe-id: CWE-668
+  tags: sicom,mgrng,panel
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/~sicom/mgrng/LoginForm.php"
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        part: body
+        words:
+          - '<title>MGRNG Login</title>'
+
+# Enhanced by cs on 2022/07/22