Re: hacking the mitsubishi GB-50A
Steven M. Christey wrote:
However, if all dip switches are off, the unit can defer to
configuration as provided via an "Initial Setting Web".
Yeah, I had no idea what this meant either. Same goes for Mitsubishi's
UK tech support...
be used to set the IP address (page 13). There is no statement that
the tool restricts which address can be set, nor is there a
recommendation that only local addresses should be used.
Indeed.
It doesn't seem like much of a stretch that an admin might want to
modify the address to something other than private addresses. Whether
the Initial Setting Web will allow this is another question, but if
so, then the scope of attack widens considerably.
Yep. I think the manual should really say "this device should be
connected directly to the ethernet socket of a computer, and that
computer should have locked down software to prevent unauthorised people
bypassing the security on the GB-50A".
I find it slightly scary that someone might have one of these on a
network that controls something like data centre aircon, and that an
attacker can scan for it trivially (what answers on port 80 with a 200
to a GET for /en/administrator.html) and turn off all the aircon in the
data centre...
cheers,
Chris
--
Simplistix - Content Management, Zope & Python Consulting
- http://www.simplistix.co.uk