Accuenergy Fixes Acuvim II Holes

Thursday, April 14, 2016 @ 06:04 PM gHale


Accuenergy created guidelines to mitigate authentication bypass vulnerabilities in its Acuvim II Series AXM-NET module, according to a report on ICS-CERT.

These vulnerabilities, discovered by independent researcher Maxim Rupp, are remotely exploitable.

RELATED STORIES
Ecava Fixes IntegraXor Vulnerabilities
Siemens glibc Library Vulnerability
Siemens SCALANCE S613 DoS Hole
Siemens Working on Patch for DROWN

The following Accuenergy versions suffer from the issue:
• Acuvim II NET Firmware, Version 3.08
• Acuvim IIR NET Firmware, Version 3.08

The authentication bypass vulnerability allows access to the settings on the Ethernet module web server interface without authenticating. A malicious user could create a denial-of-service condition for the power meter by changing the network settings.

Accuenergy is a Canada-based company that maintains offices in several countries around the world, including the United States, Canada, and China.

The affected product, Acuvim II, is a multifunction power metering device. The AXM-NET Ethernet module creates a web page to display data produced by the Acuvim II. Acuvim II sees action in the energy sector. Accuenergy estimates this product sees use primarily in North America and China.

By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access settings without authenticating.

CVE-2016-2293 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 8.6.

In addition, an unprotected file contains a password to the mail server in the plain text.
CVE-2016-2294 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.5.

No known public exploits specifically target these vulnerabilities. However, an attacker with a low skill would be able to exploit these vulnerabilities.

Accuenergy created a a document containing recommended mitigations.