CVE-2017-6564 in TS-550 EVOinfo

Summary

by MITRE

On Franklin Fueling Systems TS-550 evo 2.3.0.7332 devices, the Guest user, which contains the lowest privileges, can post to the idSourceFileName parameter found within the /download directory. This ability allows for an attacker to download sensitive system files from the host machine such as databases which contain information that can aid in further attacks.


Analysis

by VulDB Data Team • 09/22/2020

The vulnerability identified as CVE-2017-6564 affects Franklin Fueling Systems TS-550 evo devices running firmware version 2.3.0.7332, representing a critical authorization flaw that undermines the device's security architecture. This issue stems from improper access controls within the web interface, specifically within the /download directory where the idSourceFileName parameter is exposed to the Guest user account. The Guest user role typically represents the lowest privilege level within most networked systems, yet this vulnerability allows unauthorized access to sensitive system resources that should remain protected from standard user accounts.

The technical flaw manifests through a path traversal vulnerability that enables the Guest user to manipulate the idSourceFileName parameter to access files outside of the intended download directory. This misconfiguration allows attackers to bypass normal file access restrictions and potentially retrieve sensitive database files, configuration information, and other system artifacts that contain credentials, system configurations, or other intelligence valuable for subsequent exploitation phases. The vulnerability directly relates to CWE-22 Path Traversal and CWE-285 Improper Authorization, both of which are fundamental security weaknesses that have been consistently documented in the CWE database as high-risk vulnerabilities.

The operational impact of this vulnerability extends beyond simple unauthorized file access, as it creates a potential foothold for more sophisticated attacks within the network infrastructure. An attacker who successfully exploits this vulnerability can obtain database files containing user credentials, system configurations, and potentially sensitive operational data that could be used for privilege escalation, lateral movement, or to conduct more targeted attacks against the broader network. This represents a significant risk for fueling systems that may be connected to critical infrastructure or contain sensitive operational data that could be targeted by adversaries seeking to disrupt services or gain unauthorized access to fuel management systems.

The vulnerability demonstrates a clear failure in the principle of least privilege implementation, where the Guest user account should not have access to system-level files that could compromise the device's integrity or confidentiality. Organizations using Franklin Fueling Systems TS-550 evo devices should immediately implement mitigations including firmware updates from the vendor, network segmentation to isolate these devices, and enhanced monitoring of unusual file access patterns. The ATT&CK framework categorizes this type of vulnerability under T1210 Lateral Movement and T1078 Valid Accounts, as it allows an attacker to leverage a low-privilege account to access sensitive information that could facilitate further compromise of the system or network. Additionally, this vulnerability aligns with T1005 Data from Local System and T1083 File and Directory Discovery, as it enables attackers to enumerate and access system files that should remain protected from unauthorized access.
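
The two weaknesses named above (CWE-285 and CWE-22) map to two separate server-side checks on a download request. The following is an added example, not code from the vendor's firmware or from VulDB: it assumes a Python handler, and the role names, directory layout and function names are hypothetical.

```python
import os
import tempfile

# Assumption: only this role may download; Guest is deliberately absent (CWE-285).
ALLOWED_ROLES = {"Administrator"}

class DownloadDenied(Exception):
    """Request failed the authorization or path-containment check."""

def resolve_download(base_dir, id_source_file_name, role):
    """Return the real path to serve, or raise DownloadDenied.

    id_source_file_name is the untrusted idSourceFileName value; role is the
    role of the authenticated session (role names here are hypothetical).
    """
    # Authorization first: low-privilege sessions never reach the filesystem.
    if role not in ALLOWED_ROLES:
        raise DownloadDenied("role may not download files")
    if not id_source_file_name or "\x00" in id_source_file_name:
        raise DownloadDenied("empty or malformed file name")
    base = os.path.realpath(base_dir)
    # realpath collapses ".." segments and follows symlinks, so the
    # containment check sees where the request really points (CWE-22).
    target = os.path.realpath(os.path.join(base, id_source_file_name))
    if os.path.commonpath([base, target]) != base:
        raise DownloadDenied("path escapes the download directory")
    if not os.path.isfile(target):
        raise DownloadDenied("no such file")
    return target

def demo():
    """Run constructed requests against a temporary directory tree."""
    outcomes = []
    with tempfile.TemporaryDirectory() as root:
        base = os.path.join(root, "download")
        os.makedirs(base)
        open(os.path.join(base, "report.csv"), "w").close()
        open(os.path.join(root, "system.db"), "w").close()  # outside base
        requests = [("Administrator", "report.csv"), ("Guest", "report.csv"),
                    ("Administrator", "../system.db"),
                    ("Administrator", os.path.join(root, "system.db"))]
        for role, name in requests:
            try:
                resolve_download(base, name, role)
                outcomes.append("allowed")
            except DownloadDenied:
                outcomes.append("denied")
    return outcomes
```

Each denied outcome is also the event worth logging for the file-access monitoring recommended above.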

Reservation

03/09/2017

Disclosure

05/01/2017

Moderation

accepted

CPE

ready

EPSS

0.00179

KEV

no

Activities

very low

Sources
