Published: 01/07/2019 Updated: 28/03/2023

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 1000

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Optergy Proton/Enterprise devices allow Remote Root Code Execution via a Backdoor Console.

Vulnerable Product	Search on Vulmon	Subscribe to Product
optergy proton
optergy enterprise

# Title: Optergy 230a - Remote Code Execution # Author: LiquidWorm # Date: 2019-11-05 # Vendor: optergycom/ # Product web page: optergycom/products/ # Affected version: <=230a # Advisory: applied-riskcom/resources/ar-2019-008 # Paper: applied-riskcom/resources/i-own-your-building-management-system # CVE: C ...

Optergy BMS versions 203a and below unauthenticated remote root exploit Related CVE number: CVE-2019-7276 ...

This Metasploit module exploits an undocumented backdoor vulnerability in the Optergy Proton and Enterprise Building Management System (BMS) applications Versions 203a and below are vulnerable Attackers can exploit this issue by directly navigating to an undocumented backdoor script called Consolejsp in the tools directory and gain full system ...

#CVE: CVE-2019-7276 Optergy_230a_RCE twitter:@momika233 If you feel interesting, please give a star!!!!!thank you If you feel interesting, please give a star!!!!!thank you If you feel interesting, please give a star!!!!!thank you

NVD-CWE-noinfo https://applied-risk.com/labs/advisories http://www.securityfocus.com/bid/108686 https://www.applied-risk.com/resources/ar-2019-008 http://packetstormsecurity.com/files/171564/Optergy-Proton-And-Enterprise-BMS-2.0.3a-Command-Injection.html https://nvd.nist.gov https://github.com/momika233/Optergy_2.3.0a_RCE https://www.exploit-db.com/exploits/47641

CVE-2019-7276

Vulnerability Summary

Vulnerability Trend

Exploits

Github Repositories

References

Vulmon Search

About

Products

Connect