# Title: Optergy 2.3.0a - Cross-Site Request Forgery (Add Admin) # Author: LiquidWorm # Date: 2019-11-05 # Vendor: https://optergy.com/ # Product web page: https://optergy.com/products/ # Affected version: <=2.3.0a # Advisory: https://applied-risk.com/resources/ar-2019-008 # Paper: https://applied-risk.com/resources/i-own-your-building-management-system # CVE: CVE-2019-7273 # Optergy Proton/Enterprise BMS CSRF Add Admin