CVE-2019-10850

9.8 CRITICAL

📋 TL;DR

CVE-2019-10850 is a critical vulnerability in Computrols CBAS building automation systems where default credentials are hardcoded, allowing attackers to gain administrative access. This affects all organizations using CBAS 18.0.0 for building management. Attackers can completely compromise the system and potentially access connected building control systems.

💻 Affected Systems

Products:
  • Computrols CBAS (Computerized Building Automation System)
Versions: 18.0.0
Operating Systems: Windows-based systems running CBAS software
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of CBAS 18.0.0 are vulnerable unless credentials have been manually changed from defaults.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system takeover allowing attackers to manipulate building controls (HVAC, lighting, security systems), steal sensitive data, and use the system as a pivot point to attack other network segments.

🟠 Likely Case

Unauthorized administrative access leading to configuration changes, data exfiltration, and installation of persistent backdoors.

🟢 If Mitigated

Limited impact if proper network segmentation and credential rotation are implemented, though default credentials remain a significant risk.

🌐 Internet-Facing: HIGH - Systems exposed to the internet can be easily discovered and exploited by automated scanners.
🏢 Internal Only: HIGH - Even internal systems are vulnerable to insider threats or attackers who breach the network perimeter.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only knowledge of default credentials, which are publicly documented. Automated tools can easily scan for and exploit this vulnerability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Later versions of CBAS (contact vendor for specific version)

Vendor Advisory: https://applied-risk.com/labs/advisories

Restart Required: Yes

Instructions:

1. Contact Computrols for an updated software version.
2. Back up the current configuration.
3. Install the updated version.
4. Change all default credentials.
5. Restart the system and verify functionality.

🔧 Temporary Workarounds

Credential Rotation

Applies to: all

Immediately change all default credentials to strong, unique passwords.

  • Use the CBAS administrative interface to change the passwords for all accounts

Network Segmentation

Applies to: all

Isolate CBAS systems from the internet and restrict internal network access to them.

  • Configure firewall rules to block external access to CBAS ports
  • Implement VLAN segmentation for building automation systems

🧯 If You Can't Patch

  • Immediately change all default credentials to complex, unique passwords
  • Implement strict network segmentation and firewall rules to limit access to CBAS systems

🔍 How to Verify

Check if Vulnerable:

Attempt to authenticate to CBAS using the documented default credentials, and check whether any accounts still use factory defaults.

Check Version:

Check the CBAS software version in the administrative interface or the system information panel.

Verify Fix Applied:

Verify that every account has non-default credentials, and confirm that authentication attempts with the default credentials fail.

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed login attempts followed by successful login with default credentials
  • Authentication from unexpected IP addresses
  • Configuration changes by unknown users

Network Indicators:

  • Traffic to CBAS systems from external IPs
  • Unusual port scanning activity targeting CBAS ports

SIEM Query:

source="CBAS" AND ((event_type="authentication" AND (username="admin" OR username="default")) OR (event_type="configuration_change" AND NOT user IN (authorized_users)))

The outer parentheses matter: without them the OR binds the configuration-change clause outside the source="CBAS" filter. Adjust the field names and the authorized_users list to your SIEM's schema.
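The three log indicators above expressed as detection logic, an added example that is not taken from the advisory or from Computrols: it parses constructed CBAS-style authentication and configuration-change lines (the line format, field names and the admin/default account names are assumptions) and alerts on a default-account login, a run of failures followed by a success, and a configuration change by a user outside a constructed allow-list.

```python
# Added example: detection for the advisory's log indicators over constructed
# CBAS-style lines; format, field names and account names are assumptions.
import re
from collections import defaultdict
from datetime import datetime, timedelta

DEFAULT_ACCOUNTS = {"admin", "default"}            # assumed default account names
AUTHORIZED_USERS = {"ops_jane", "facilities_bob"}  # constructed allow-list

LINE_RE = re.compile(
    r"^(?P<ts>\S+) source=CBAS event_type=(?P<event>\w+) "
    r"user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>\w+)$"
)

def parse(line):
    """Parse one assumed-format log line; return None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    return ev

def detect(lines, fail_threshold=3, window=timedelta(minutes=10)):
    """Return (rule, user, src) alerts for the three indicators in the advisory."""
    alerts = []
    failures = defaultdict(list)  # (user, src) -> timestamps of failed logins
    for ev in filter(None, map(parse, lines)):
        key = (ev["user"], ev["src"])
        if ev["event"] == "authentication" and ev["result"] == "failure":
            failures[key].append(ev["ts"])
        elif ev["event"] == "authentication" and ev["result"] == "success":
            recent = [t for t in failures[key] if ev["ts"] - t <= window]
            if ev["user"] in DEFAULT_ACCOUNTS:       # login with a default account
                alerts.append(("default_account_login",) + key)
            if len(recent) >= fail_threshold:        # failures, then a success
                alerts.append(("brute_force_then_success",) + key)
            failures[key].clear()
        elif ev["event"] == "configuration_change" and ev["user"] not in AUTHORIZED_USERS:
            alerts.append(("unauthorized_config_change",) + key)
    return alerts

# Constructed sample log lines (not real CBAS output).
SAMPLE_LOG = [
    "2024-01-10T09:00:01 source=CBAS event_type=authentication user=admin src=203.0.113.7 result=failure",
    "2024-01-10T09:00:05 source=CBAS event_type=authentication user=admin src=203.0.113.7 result=failure",
    "2024-01-10T09:00:09 source=CBAS event_type=authentication user=admin src=203.0.113.7 result=failure",
    "2024-01-10T09:00:12 source=CBAS event_type=authentication user=admin src=203.0.113.7 result=success",
    "2024-01-10T09:01:30 source=CBAS event_type=configuration_change user=admin src=203.0.113.7 result=success",
    "2024-01-10T09:06:00 source=CBAS event_type=configuration_change user=ops_jane src=10.0.5.20 result=success",
]
```

Running detect(SAMPLE_LOG) yields three alerts for the admin session from 203.0.113.7 and none for the allow-listed ops_jane change.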
