Optergy Proton Enterprise Building Management System Multiple Security Vulnerabilities

Optergy Proton Enterprise Building Management System is prone to the following security vulnerabilities:

1. Multiple information disclosure vulnerabilities
2. An arbitrary file-upload vulnerability
3. A remote code execution vulnerability
4. A cross-site request forgery vulnerability
5. A security vulnerability
6. An open redirect vulnerability

An attacker may exploit these issues to execute arbitrary commands, or to execute arbitrary HTML or script code in the browser of an unsuspecting user within the context of the affected application. This may allow the attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, bypass security restrictions, perform unauthorized actions, disclose sensitive information, and aid in further attacks.

2.3.0a and prior versions of Proton/Enterprise Building Management Systems are affected.

Copyright 2010, SecurityFocus