This afternoon the DHS ICS-CERT published an advisory
for multiple vulnerabilities in the Janitza UMG power quality measuring
products. The vulnerabilities were reported by Mattijs van Ommeren of Applied
Risk. Janitza has produced new firmware and documentation to mitigate these
vulnerabilities, but there is no indication that van Ommeren has been provided
an opportunity to verify the efficacy of the fixes.
The vulnerabilities include:
• Weak password protection, CVE-2015-3972;
• Weak session token generation, CVE-2015-3973;
• Hard coded password, CVE-2015-3968;
• Privilege escalation, CVE-2015-3971;
• Persistent cross site scripting, CVE-2015-3970;
• Cross site forgery, CVE-2015-3967; and
• Information disclosure, CVE-2015-3960.
ICS-CERT reports that a moderately skilled attacker could remotely
use a publicly available exploit of these vulnerabilities to adjust system
parameters; manipulate measurement values and change the function of the
device; and compromise availability, integrity, and confidentiality of the
device and dependent systems.
In addition to new firmware, ICS-CERT reports that Janitza
has produced a new manual [.PDF download] on how to set up a secure TCP/IP connection on most
of the affected devices. In addition to setting up that secure connection the
manual also addresses:
• Changing passwords for FTP, homepage and display; and
• Setting internal firewall settings.
This advisory was originally released to the US-CERT Secure
Portal on September 22nd. This is apparently the vulnerability that I
reported being on the Secure Portal back on October 5th.