ECOA Building Automation System Remote Privilege Escalation

ECOA BAS controller is vulnerable to weak access control mechanism allowing authenticated user to remotely escalate privileges by disclosing credentials of administrative accounts in plain-text.

ECOA BAS controller uses weak set of default administrative credentials that can be easily guessed in remote password attacks and gain full control of the system.

ECOA BAS controller’s special page displays user account and passwords in plain text, thus unauthenticated attackers can access the page and obtain privilege with full functionality.

An improper access control vulnerability in SMA100 allows a remote unauthenticated attacker to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to factory default settings.