A remote attacker is able to inject javascript code in the Bacnet device abusing the read/write properties from the Bacnet protocol itself, the code is going to be stored in the Bacnet database helping the attacker to achieve persistence in the victim browser, we are talking about devices that operates in building enviroments or industrial facilities , the posibility to jump from that point to another point in the industrial network using this particular vector is really high.
Bio:
Bertin is a Security Researcher
0 Comments