Optergy Proton Enterprise Building Management System (ICSA-19-157-01)

The NCCIC has published an advisory on information exposure, cross-site request forgery, unrestricted upload of file with dangerous type, open redirect, hidden functionality, exposed dangerous method or function, and use of hard-coded credentials vulnerabilities in Optergy Proton Enterprise Building Management System. Versions 2.3.0a and prior are affected. Successful exploitation of these vulnerabilities could allow an attacker to achieve remote code execution and gain full system access. Optergy recommends a series of steps to mitigate the vulnerabilities. The NCCIC also advises of a series of mitigating measures. Read the advisory at WaterISAC.