Submit #202313: Supcon's InPlant SCADA product has an engineering file password bypass vulnerabilityinfo

TitleSupcon's InPlant SCADA product has an engineering file password bypass vulnerability
DescriptionSupcon's InPlant SCADA product has an engineering file password bypass vulnerability, which is an industrial control SCADA software produced by China's Supcon company; This software can set passwords when creating project files, but the passwords are stored in MD5 format in the Project.xml and/Users/userini files under the project file directory. By modifying or canceling the password field content in these two configuration files, password restrictions can be bypassed
Source⚠️ https://drive.google.com/file/d/1V_O95QddCGdZzYGgx7tkMOYQ5i_alv69/view?usp=drive_link
User
 01dgu0 (UID 53763)
Submission09/01/2023 10:25 (3 years ago)
Moderation09/15/2023 08:20 (14 days later)
StatusAccepted
VulDB entry239797 [Supcon InPlant SCADA up to 20230901 Project.xml weak password hash]
Points20

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!