Today the DHS ICS-CERT took the unusual step of issuing a control system security alert for a ‘vulnerability’ being self-reported by the vendor. ICS-CERT reports that Sierra Wireless has issued a technical bulletin [.PDF Download] describing mitigation measures that owners can take to stop the Mirai malware from infecting AirLink gateways that are using the default ACEmanager password and are reachable from the public internet.
ICS-CERT is careful to note “that there is no software or hardware vulnerability being exploited in the Sierra Wireless devices by the Mirai malware”. The problem is in configuration management; using the default password.
It is nice to see that a vendor is taking specific steps to identify problems in configuration management for their products that allow an outside agency to take control of those products to become part of a botnet. And to further share that information with ICS-CERT to help get the word out is something to be commended. It would sure be nice if all vendors were so proactive.