From a4c34964844404a0b6c5e6c76f712366a45159c8 Mon Sep 17 00:00:00 2001 From: sullo Date: Thu, 21 Jul 2022 11:39:58 -0400 Subject: [PATCH] Admin panels for DEOS OPENview and OPEN500EMS (#4888) * Admin panel discovery for: * DEOS OPENview * DEOS OPEN500EMS * Fix paths * Add check for login page of Sicom MGRNG
---
exposed-panels/deos-open500-admin.yaml | 37 +++++++++++++++++++++++++ exposed-panels/deos-openview-admin.yaml | 31 +++++++++++++++++++++ exposed-panels/sicom-panel.yaml | 30 ++++++++++++++++++++ 3 files changed, 98 insertions(+) create mode 100644 exposed-panels/deos-open500-admin.yaml create mode 100644 exposed-panels/deos-openview-admin.yaml create mode 100644 exposed-panels/sicom-panel.yaml
diff --git a/exposed-panels/deos-open500-admin.yaml b/exposed-panels/deos-open500-admin.yaml
new file mode 100644
index 0000000000..5812fcd906
--- /dev/null
+++ b/exposed-panels/deos-open500-admin.yaml
@@ -0,0 +1,37 @@
+id: deos-open500ems-panel
+
+info:
+ name: DEOS OPEN 500EMS Controller Admin Program Access
+ author: sullo
+ severity: high
+ description: |
+ The DEOS OPEN 500EMS controller exposes administrative functions without authentication.
+ reference:
+ - https://www.deos-ag.com/
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
+ cvss-score: 8.6
+ cwe-id: CWE-284
+ tags: openv500,disclosure,panel
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/cgi-bin/cosmobdf.cgi?function=0"
+ - "{{BaseURL}}/cgi-bin/cosmobdf.cgi?function=1"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ part: body
+ words:
+ - 'OPENview'
+ - '/cgi-bin/cosmobdf.cgi?function=12'
+ - '/cgi-bin/cosmobdf.cgi?function=2'
+ condition: or
+
+# Enhanced by cs on 2022/07/22
diff --git a/exposed-panels/deos-openview-admin.yaml b/exposed-panels/deos-openview-admin.yaml
new file mode 100644
index 0000000000..182396fc83
--- /dev/null
+++ b/exposed-panels/deos-openview-admin.yaml
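Review bot: The word matcher in deos-open500-admin.yaml uses `condition: or`, so a 200 response that contains only the product name `OPENview` is reported as unauthenticated administrative access at `severity: high`. A login, help or error page served by the same device would likely carry that string too, which makes the hit a product fingerprint rather than evidence of missing authentication. Consider dropping `- 'OPENview'` from `words` so the match rests on the `cosmobdf.cgi?function=` links, assuming those render only in the admin view; that cannot be confirmed from the diff. The same concern applies to deos-openview-admin.yaml, where `'OPENview'` is the only body check.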
@@ -0,0 +1,31 @@
+id: deos-openview-panel
+
+info:
+ name: DEOS OPENview Admin Panel Unauthenticated Access
+ author: sullo
+ severity: high
+ description: The DEOS OPENview administrative panel is accessible without authentication.
+ reference: https://www.deos-ag.com/
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
+ cvss-score: 8.6
+ cwe-id: CWE-284
+ tags: openview,disclosure,panel
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/client/index.html"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ part: body
+ words:
+ - 'OPENview'
+
+# Enhanced by cs on 2022/07/22
diff --git a/exposed-panels/sicom-panel.yaml b/exposed-panels/sicom-panel.yaml
new file mode 100644
index 0000000000..d433150558
--- /dev/null
+++ b/exposed-panels/sicom-panel.yaml
@@ -0,0 +1,30 @@
+id: sicom-mgrng-login
+
+info:
+ name: Sicom MGRNG - Administrative Login Found
+ author: sullo
+ severity: low
+ description: |
+ Sicom MGRNG administrative login page found.
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
+ cvss-score: 3.7
+ cwe-id: CWE-668
+ tags: sicom,mgrng,panel
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/~sicom/mgrng/LoginForm.php"
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ part: body
+ words:
+ - 'MGRNG Login'
+
+# Enhanced by cs on 2022/07/22
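Review bot: `reference: https://www.deos-ag.com/` in deos-openview-admin.yaml points at the vendor home page, so someone triaging a hit has nothing to check the `cvss-score: 8.6` and `cwe-id: CWE-284` classification against. If an advisory or product document describes the unauthenticated access, it should be listed here. The field is also a plain scalar in this file while deos-open500-admin.yaml in the same patch writes it as a list; `reference:` followed by `- https://www.deos-ag.com/` would keep the two consistent.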
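Review bot: sicom-panel.yaml reports the mere presence of a login form as `severity: low` with a CVSS vector and `cwe-id: CWE-668`, and it carries no `reference`. The matchers only establish that `LoginForm.php` returns 200 with the text `MGRNG Login`, which identifies the product but shows no weakness; `severity: info` would describe the result more accurately and keep it from being triaged as a vulnerability. The template `id` (`sicom-mgrng-login`) also differs from the file name, as do the ids in the two DEOS templates, which makes a hit harder to trace back to its file.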