Help
  • Explore Community
  • Get Started
  • Ask the Community
  • How-To & Best Practices
  • Contact Support
Notifications
Login / Register
Community
Community
Notifications
close
  • Forums
  • Knowledge Center
  • Events & Webinars
  • Ideas
  • Blogs
Help
Help
  • Explore Community
  • Get Started
  • Ask the Community
  • How-To & Best Practices
  • Contact Support
Login / Register
Sustainability
Sustainability

We Value Your Feedback!
Could you please spare a few minutes to share your thoughts on Cloud Connected vs On-Premise Services. Your feedback can help us shape the future of services.
Learn more about the survey or Click here to Launch the survey
Schneider Electric Services Innovation Team!

DCO vulnerabilities SERVER: MiniServ/1.820

EcoStruxure IT forum

Schneider Electric support forum about installation and configuration for DCIM including EcoStruxure IT Expert, IT Advisor, Data Center Expert, and NetBotz

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
  • Home
  • Schneider Electric Community
  • EcoStruxure IT
  • EcoStruxure IT forum
  • DCO vulnerabilities SERVER: MiniServ/1.820
Options
  • Subscribe to RSS Feed
  • Mark Topic as New
  • Mark Topic as Read
  • Float this Topic for Current User
  • Bookmark
  • Subscribe
  • Mute
  • Printer Friendly Page
Invite a Co-worker
Send a co-worker an invite to the portal.Just enter their email address and we'll connect them to register. After joining, they will belong to the same company.
You have entered an invalid email address. Please re-enter the email address.
This co-worker has already been invited to the Exchange portal. Please invite another co-worker.
Please enter email address
Send Invite Cancel
Invitation Sent
Your invitation was sent.Thanks for sharing Exchange with your co-worker.
Send New Invite Close
Top Experts
User Count
Cory_McDonald
Admiral Cory_McDonald Admiral
124
Jef
Admiral Jef Admiral
109
gsterling
Captain gsterling Captain
71
APC_Steve
Captain APC_Steve Captain
62
View All

Invite a Colleague

Found this content useful? Share it with a Colleague!

Invite a Colleague Invite
Back to EcoStruxure IT forum
DCIM_Support
Picard DCIM_Support
Picard

Posted: ‎2020-07-05 02:28 PM . Last Modified: ‎2024-04-03 11:54 PM

0 Likes
9
1809
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Link copied. Please paste this link to share this article on your social media post.

Posted: ‎2020-07-05 02:28 PM . Last Modified: ‎2024-04-03 11:54 PM

DCO vulnerabilities SERVER: MiniServ/1.820

Hi Support,

We require your assistance with this matter.

Preview:

- one of the biggest national banks in our country has the DCO running in a virtual server

- Our customer used a third party utility to detect vulnerabilities. They use “QRadar”

- The DCO is running in version 8.0.3

Vulnerabilities:

The customer is using the QRadar utility and they want to solve the vulnerability below:

CVE ID: 2017-15645,2007-5066
Vulnerability ID: Webmin create_job.cgi cross-site request forgery
Vulnerability Description: SERVER: MiniServ/1.820
Port: 10000
Concern: This application is prone to this vulnerability because of an unknown reason, allowing an attacker to execute arbitrary commands and escalate privileges.
Solution: No remedy available as of October 16, 2017.

 



(CID:136645387)

Labels
  • Labels:
  • Data Center Operation
  • Tags:
  • bug
Reply

Link copied. Please paste this link to share this article on your social media post.

  • All forum topics
  • Previous Topic
  • Next Topic
Replies 9
DCIM_Support
Picard DCIM_Support
Picard

Posted: ‎2020-07-05 02:28 PM . Last Modified: ‎2024-04-03 11:54 PM

0 Likes
7
1811
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Link copied. Please paste this link to share this article on your social media post.

Posted: ‎2020-07-05 02:28 PM . Last Modified: ‎2024-04-03 11:54 PM

Hello Andres.

The above DCO release you mention is quite old. Current DCO release is 8.2.12. Each of the DCO releases since the mentioned 8.0.3 release include patches/updates to address security and vulnerabilities. We scan/verify known vulnerabilities against each new release before it becomes available to the public.

We would recommend you consider upgrading your DCO 8.0.3 installation to a more current release.

Regards

Greg Sterling

(CID:137104964)

Reply

Link copied. Please paste this link to share this article on your social media post.

DCIM_Support
Picard DCIM_Support
Picard

Posted: ‎2020-07-05 02:28 PM . Last Modified: ‎2024-04-03 11:54 PM

In response to DCIM_Support
0 Likes
0
1811
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Link copied. Please paste this link to share this article on your social media post.

Posted: ‎2020-07-05 02:28 PM . Last Modified: ‎2024-04-03 11:54 PM

Hi Greg, 

We upgraded the DCO software as you requested, but the vulnerability persist.


CVE ID: 2017-15645,2007-5066
Vulnerability ID: Webmin unspecified URL command execution
Vulnerability Description: SERVER: MiniServ/1.820
Port: 10000
Concern: This application is prone to this vulnerability because of an unknown reason, allowing an attacker to execute arbitrary commands and escalate privileges.
Solution: Upgrade to the latest version of Webmin (1.370 or later), available from the Webmin Web site: Security Alerts. See References.

Please help!!

(CID:140711698)

Reply

Link copied. Please paste this link to share this article on your social media post.

DCIM_Support
Picard DCIM_Support
Picard

Posted: ‎2020-07-05 02:28 PM . Last Modified: ‎2024-04-03 11:54 PM

In response to DCIM_Support
0 Likes
0
1811
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Link copied. Please paste this link to share this article on your social media post.

Posted: ‎2020-07-05 02:28 PM . Last Modified: ‎2024-04-03 11:54 PM

We'll ask development to comment further, but when I look at these CVE definitions (CVE ID: 2017-15645,2007-5066) they state these vulnerabilities are addressed by webmin versions 1850 and 1370 respectively.

If you upgraded to DCO 8.2.12 then your webmin version should be 1890. If you logon to your webmin gui (https://dco-server-ip:10000/) the webmin version should be visible on the system information page when you login.

Regards

Greg Sterling

(CID:137729396)

Reply

Link copied. Please paste this link to share this article on your social media post.

DCIM_Support
Picard DCIM_Support
Picard

Posted: ‎2020-07-05 02:29 PM . Last Modified: ‎2024-04-03 11:54 PM

In response to DCIM_Support
0 Likes
0
1811
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Link copied. Please paste this link to share this article on your social media post.

Posted: ‎2020-07-05 02:29 PM . Last Modified: ‎2024-04-03 11:54 PM

Hi Greg,
We performed the webmin upgrade as you mentioned. 
The webmin works in version 1.900

But now we have more vulnerabilities.
Please check the attached image.

We need to purge this list.
We appreciate all your help.

(CID:138381699)

Reply

Link copied. Please paste this link to share this article on your social media post.

DCIM_Support
Picard DCIM_Support
Picard

Posted: ‎2020-07-05 02:29 PM . Last Modified: ‎2024-04-03 11:54 PM

In response to DCIM_Support
0 Likes
0
1811
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Link copied. Please paste this link to share this article on your social media post.

Posted: ‎2020-07-05 02:29 PM . Last Modified: ‎2024-04-03 11:54 PM

Hello Andres

Did you update webmin only or both DCO and webmin?

Regards

Greg Sterling

(CID:138381738)

Reply

Link copied. Please paste this link to share this article on your social media post.

DCIM_Support
Picard DCIM_Support
Picard

Posted: ‎2020-07-05 02:29 PM . Last Modified: ‎2024-04-03 11:53 PM

In response to DCIM_Support
0 Likes
0
1811
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Link copied. Please paste this link to share this article on your social media post.

Posted: ‎2020-07-05 02:29 PM . Last Modified: ‎2024-04-03 11:53 PM

Hello Greg,

Both at the same time.

The resolution instructions for many of  the vulnerabilities are to upgrate the webmin versión to a newest versión. (Please check atached  file = Vulnerabilidades DCO.xlsx)

The webmin is aleady in versión 1900.

Could this be managed as a false -positive?

Vulnerabilidades DCO.xlsx

(CID:140217735)

Reply

Link copied. Please paste this link to share this article on your social media post.

DCIM_Support
Picard DCIM_Support
Picard

Posted: ‎2020-07-05 02:29 PM . Last Modified: ‎2024-04-03 11:53 PM

In response to DCIM_Support
0 Likes
0
1811
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Link copied. Please paste this link to share this article on your social media post.

Posted: ‎2020-07-05 02:29 PM . Last Modified: ‎2024-04-03 11:53 PM

Hello Andres. I have asked our dev team to comment on your recent response.

Regards

Greg Sterling

(CID:140218061)

Reply

Link copied. Please paste this link to share this article on your social media post.

DCIM_Support
Picard DCIM_Support
Picard

Posted: ‎2020-07-05 02:29 PM . Last Modified: ‎2024-04-03 11:53 PM

In response to DCIM_Support
0 Likes
0
1811
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Link copied. Please paste this link to share this article on your social media post.

Posted: ‎2020-07-05 02:29 PM . Last Modified: ‎2024-04-03 11:53 PM

Hello Greg,

Any update?

(CID:140711587)

Reply

Link copied. Please paste this link to share this article on your social media post.

DCIM_Support
Picard DCIM_Support
Picard

Posted: ‎2020-07-05 02:29 PM . Last Modified: ‎2023-10-22 01:46 AM

0 Likes
0
1811
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Link copied. Please paste this link to share this article on your social media post.

Posted: ‎2020-07-05 02:29 PM . Last Modified: ‎2023-10-22 01:46 AM

superhero.png

This question is closed for comments. You're welcome to start a new topic if you have further comments on this issue.

Reply

Link copied. Please paste this link to share this article on your social media post.

To The Top!

Forums

  • APC UPS Data Center Backup Solutions
  • EcoStruxure IT
  • EcoStruxure Geo SCADA Expert
  • Metering & Power Quality
  • Schneider Electric Wiser

Knowledge Center

Events & webinars

Ideas

Blogs

Get Started

  • Ask the Community
  • Community Guidelines
  • Community User Guide
  • How-To & Best Practice
  • Experts Leaderboard
  • Contact Support
Brand-Logo
Subscribing is a smart move!
You can subscribe to this board after you log in or create your free account.
Forum-Icon

Create your free account or log in to subscribe to the board - and gain access to more than 10,000+ support articles along with insights from experts and peers.

Register today for FREE

Register Now

Already have an account? Login

Terms & Conditions Privacy Notice Change your Cookie Settings © 2025 Schneider Electric

This is a heading

With achievable small steps, users progress and continually feel satisfaction in task accomplishment.

Usetiful Onboarding Checklist remembers the progress of every user, allowing them to take bite-sized journeys and continue where they left.

of