[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: hacking the mitsubishi GB-50A



Steven M. Christey wrote:
However, if all dip switches are off, the unit can defer to
configuration as provided via an "Initial Setting Web".

Yeah, I had no idea what this meant either. Same goes for Mitsubishi's UK tech support...

be used to set the IP address (page 13).  There is no statement that
the tool restricts which address can be set, nor is there a
recommendation that only local addresses should be used.

Indeed.

It doesn't seem like much of a stretch that an admin might want to
modify the address to something other than private addresses.  Whether
the Initial Setting Web will allow this is another question, but if
so, then the scope of attack widens considerably.

Yep. I think the manual should really say "this device should be connected directly to the ethernet socket of a computer, and that computer should have locked down software to prevent unauthorised people bypassing the security on the GB-50A".

I find it slightly scary that someone might have one of these on a network that controls something like data centre aircon, and that an attacker can scan for it trivially (what answers on port 80 with a 200 to a GET for /en/administrator.html) and turn off all the aircon in the data centre...

cheers,

Chris

--
Simplistix - Content Management, Zope & Python Consulting
           - http://www.simplistix.co.uk