Sauter NovaWeb Web HMI Authentication Bypass Vulnerability (CVE-2016-5782)

Key Information Summary Vulnerability Name: Sauter NovaWeb Web HMI Authentication Bypass Vulnerability Alert Code: ICSA-16-343-02 Last Revised Date: December 8, 2016 Affected Products: All versions of NovaWeb Web HMI Vulnerability Overview Overview: Independent researcher Maxim Rupp discovered an authentication bypass vulnerability in Sauter’s NovaWeb Web HMI application. Sauter has not provided any mitigations for this vulnerability. The product was discontinued in 2013 and is no longer supported. Impact Description: Attackers can bypass authentication by modifying values in cookies. Impact: The impact on individual organizations depends on many unique factors. NCCIC/ICS-CERT recommends that organizations assess the impact of this vulnerability based on their operational environment, architecture, and product implementation. Background Background: Sauter is a German company with offices in Switzerland. The affected product, NovaWeb Web HMI, is a web-based HMI system primarily used in commercial facilities and critical manufacturing sectors, mainly in Europe. Vulnerability Characteristics Vulnerability Summary: CWE-784: Reliance on Cookies Without Validity and Integrity Checks for Security Decisions. The application uses a protection mechanism that relies on the presence or value of cookies, but cannot ensure that the cookie is valid for the relevant user. CVE Identifier: CVE-2016-5782NVD CVSS Score: Base Score of 7.2 Vulnerability Details Exploitability: The vulnerability can be exploited remotely. Known Exploits: No public exploits specifically targeting this vulnerability are known. Difficulty: Low-skilled attackers can exploit this vulnerability. Mitigations Mitigations Provided by Sauter: None ICS-CERT Recommendations: Users should implement defensive measures to minimize the risk of exploitation, including minimizing network exposure, isolating control system networks from remote devices, and using secure remote access methods.

Goal Reached Thanks to every supporter — we hit 100%!

Sauter NovaWeb Web HMI Authentication Bypass Vulnerability (CVE-2016-5782)