Multiple vulnerabilities in Digitalstrom Konfigurator

SEC Consult Vulnerability Lab Security Advisory < publishing date 20160422-1 >


title: Multiple vulnerabilities in Digitalstrom Konfigurator

product: Digitalstrom Konfigurator

vulnerable version: 1.10.0

fixed version: 1.10.4

CVE number: -

impact: High


found: 2015-10-01

by: W. Schober (Office Vienna)

SEC Consult Vulnerability Lab


An integrated part of SEC Consult

Berlin - Frankfurt/Main - Montreal - Singapore

Vienna (HQ) - Vilnius - Zurich




Vendor description:


"Digitalstrom is designed to systematically network all the electrical devices

in your home. The control of light ambiances, security technology and

household devices is just the start. You can simply download these new

functions to your Digitalstrom server; they will install themselves

automatically. And tomorrow has already become today."





Business recommendation:


SEC Consult recommends every user to sign out immediately after configuring

the Digitalstrom installation in the Digitalstrom Konfigurator. This should

prevent cross-site request forgery attacks. Furthermore every user should be

aware that an attack could occure everytime when he clicks on an unknown link.


However, SEC Consult recommends the vendor to conduct a comprehensive security

analysis, based on security source code reviews, in order to identify all

available vulnerabilities in the Digitalstrom Konfigurator and increase the

security of its customers.



Vulnerability overview/description:



1) Multiple Persistent Cross-Site Scripting

Digitalstrom Konfigurator suffers from multiple cross-site scripting

vulnerabilities, which allow stealing session tokens and impersonation of

other users in order to gain unauthorized access to the web interface.

Furthermore it is possible to alter the contents of the interface in the

context of the current user.



2) Cross-Site Request Forgery

Digitalstrom Konfigurator doesn't implement any kind of cross-site request

forgery protection. Due to that, attackers are able to execute arbitrary

requests with the privileges of any user. The only requirement is, that a

victim visits a malicious webpage. For example, an administrator can be

forced to execute unwanted actions. Some of these actions are:


-) Change network configuration

-) Enable SSH service

-) Turn various devices on and off



Proof of concept:


Has been removed due to the request from the vendor.



Vulnerable / tested versions:


Digitalstrom Konfigurator 1.10.0



Vendor contact timeline:


2015-11-09: Transmission of advisory via email

2015-12-02: As requested by Digitalstrom: New PoC for XSS

2016-01-31: Vendor released updated version 1.10.4

2016-04-22: Public advisory release





Upgrade to version 1.10.4.

The effectiveness of the vendor's update was not verified by the SEC Consult

Vulnerability Lab.





no workaround available



Advisory URL:






SEC Consult Vulnerability Lab


SEC Consult

Berlin - Frankfurt/Main - Montreal - Singapore - Vienna (HQ) - Vilnius - Zurich


About SEC Consult Vulnerability Lab

The SEC Consult Vulnerability Lab is an integrated part of SEC Consult. It

ensures the continued knowledge gain of SEC Consult in the field of network

and application security to stay ahead of the attacker. The SEC Consult

Vulnerability Lab supports high-quality penetration testing and the evaluation

of new offensive and defensive technologies for our customers. Hence our

customers obtain the most current information about vulnerabilities and valid

recommendation about the risk profile of new technologies.



Interested to work with the experts of SEC Consult?

Send us your application


Interested in improving your cyber security with the experts of SEC Consult?

Contact our local offices



Mail: research at sec-consult dot com





EOF W. Schober / @2015