CVE-2016-2308
Description
American Auto-Matrix Aspect-Nexus Building Automation Front-End Solutions application before 3.0.0 and Aspect-Matrix Building Automation Front-End Solutions application store passwords in cleartext, which allows remote attackers to obtain sensitive information by reading a file.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Aspect-Nexus and Aspect-Matrix Building Automation Front-End Solutions store user passwords in cleartext, enabling remote attackers to read credentials from a file.
Vulnerability
American Auto-Matrix Aspect-Nexus Building Automation Front-End Solutions application versions prior to 3.0.0 and all versions of the Aspect-Matrix Building Automation Front-End Solutions application store user login credentials in cleartext within a configuration file [1]. This insecure practice exposes passwords to anyone who can read the file.
Exploitation
An attacker with remote network access can exploit a separate local file inclusion vulnerability (CVE-2016-2307) to read arbitrary files from the host, including the configuration file that contains cleartext passwords [1]. No authentication or user interaction is required; the attacker simply sends a crafted request to retrieve the file.
Impact
Successful retrieval of the cleartext credentials grants the attacker authenticated access to all aspects of the building automation system [1]. This effectively compromises the entire system, allowing the attacker to control building functions, alter settings, and potentially pivot to other network resources.
Mitigation
For the Aspect-Nexus platform, update to version 3.0.0 or later, which fixes the cleartext storage issue [1]. The Aspect-Matrix platform was declared end of life in 2015 and will not receive any further security updates; users should plan to retire or replace these devices immediately [1]. No workaround is available for unpatched versions.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:a:american_auto-matrix:aspect-matrix_building_automation_front-end_solutions_application:-:*:*:*:*:*:*:*
- cpe:2.3:a:american_auto-matrix:aspect-nexus_building_automation_front-end_solutions_application:*:*:*:*:*:*:*:* (Range: <=2.0)
- Range: <3.0.0
Patches
No patches discovered yet.
References
[1] ics-cert.us-cert.gov/advisories/ICSA-16-273-01-0 (nvd: Third Party Advisory, US Government Resource)