CVE-2018-9161 in Checkweigher PrismaWEB
Summary
by MITRE
Prisma Industriale Checkweigher PrismaWEB 1.21 allows remote attackers to discover the hardcoded prisma password for the prismaweb account by reading user/scripts/login_par.js.
Analysis
by VulDB Data Team • 01/20/2020
The vulnerability identified as CVE-2018-9161 affects the Prisma Industriale Checkweigher PrismaWEB version 1.21, representing a critical security flaw in industrial control systems. This device is designed for weighing and quality control applications in manufacturing environments, making it a potential target for cyber attacks that could disrupt production processes or compromise sensitive operational data. The vulnerability stems from improper security implementation within the web interface of the system, specifically in how authentication credentials are handled.
The technical flaw is the exposure of a hardcoded password in the JavaScript source file user/scripts/login_par.js, which the web interface serves to clients. Sensitive authentication information is embedded directly in the application code rather than being managed through proper credential storage mechanisms. The hardcoded password allows remote attackers to gain unauthorized access to the prismaweb account without requiring any additional authentication factors or exploitation techniques. This type of vulnerability is classified under CWE-798 as the use of hardcoded credentials, which is a well-documented weakness in software security practices.
The operational impact of this vulnerability extends beyond simple unauthorized access, as it provides attackers with persistent credentials that could be used to manipulate system configurations, access sensitive operational data, or potentially disrupt manufacturing processes. Industrial control systems like the PrismaWEB are often critical infrastructure components where unauthorized access can lead to production downtime, quality control failures, or even safety hazards. The remote nature of the attack means that threat actors do not require physical access to the device; being able to reach its web interface over the network is enough, which significantly expands the attack surface.
Security professionals should consider this vulnerability in the context of the MITRE ATT&CK framework, particularly under the T1078 technique for valid accounts and T1566 for credential access. The presence of hardcoded credentials directly maps to the credential access phase where attackers seek to obtain valid authentication information. Organizations using this equipment should implement immediate mitigations including changing the default password, disabling unnecessary services, and implementing network segmentation to limit access to critical industrial systems. Additionally, regular security audits and source code reviews should be conducted to identify similar hardcoded credentials in other industrial control system components. The vulnerability highlights the importance of following secure coding practices and proper credential management in industrial environments where system integrity and operational continuity are paramount.
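For the source code reviews recommended above, the following added example (not vendor or VulDB code) audits client-delivered script files for CWE-798 patterns: credential-named identifiers assigned to, or compared against, a string literal. The keyword list, the function names and the embedded sample file are constructed assumptions; literal values are reported only by length so the audit output does not leak the secret again.

```python
import re
from pathlib import Path

# Assumed keyword list for credential-like identifiers; extend for your code base.
KEYWORD = r"(?:passw(?:or)?d|pwd|secret|token|api_?key)"
# name (optionally a member chain or quoted key), then ':' / '=' / '==' / '===',
# then a quoted string literal.
PATTERN = re.compile(
    r"(?P<name>[\w$.]*%s[\w$.]*)[\"']?\s*(?P<op>:|={1,3})\s*"
    r"(?P<q>[\"'])(?P<value>(?:\\.|(?!(?P=q)).)*)(?P=q)" % KEYWORD,
    re.IGNORECASE,
)

def scan_source(text, filename="<memory>"):
    """Return findings for credential-named identifiers bound to string literals."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in PATTERN.finditer(line):
            value = m.group("value")
            if not value:  # empty initialisers such as password = "" are not secrets
                continue
            findings.append({
                "file": filename, "line": lineno,
                "name": m.group("name"), "op": m.group("op"),
                "redacted": "<%d chars>" % len(value),  # never echo the literal
            })
    return findings

def scan_tree(root, patterns=("*.js", "*.htm", "*.html")):
    """Scan every client-side file under an extracted web root."""
    out = []
    for pat in patterns:
        for path in sorted(Path(root).rglob(pat)):
            out += scan_source(path.read_text(errors="replace"), str(path))
    return out

# Constructed sample input, not the contents of the vendor's login_par.js.
SAMPLE_JS = '''\
// constructed sample for the audit script
var loginUser = "operator";
var loginPwd = "EXAMPLE-ONLY";
function check(f) {
  if (f.password.value === "EXAMPLE-ONLY") { return true; }
  var password = "";
  return document.getElementById("password").value == loginPwd;
}
'''

if __name__ == "__main__":
    for finding in scan_source(SAMPLE_JS, "login_sample.js"):
        print(finding)
```

Any finding in a file the device serves to browsers means the credential is readable by every client and has to move to server-side verification.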