Application: Rittal CMC PU III Web management
Devices: CMC PU III 7030.000
Software Revision: From V3.11.00_2 to V3.15.70_4
Hardware Revision: From V3.00 to V6.01
Attack type: Stored XSS
Solution: Update to Software Revision V3.17.10 or later
Summary: Web application fails to sanitize user input on system configurations page. This allows attacker to backdoor the device with HTML and browser interpreted content (such as JS or other client-side scripts) as the content is displayed always after and before login. Persistent XSS allows attacker to modify displayed content or to change the victim's information. Successful exploitation requires access to the web management interface either with valid credentials or hijacked session.
Technical Description: See CVE-2019-19393.pdf
Timeline:
- 2019-11-11 Issues discovered
- 2019-11-28 First contact with vendor via e-mail
- 2020-03-02 Second contact with vendor via e-mail
- 2020-03-02 Vendor response. XSS vulnerabilities were already detected, and would be patched in the next release
- 2020-08-20 New Software Version release. V3.17.10
- 2020-09-28 Vulnerability patch confirmed