Advantech EKI Vulnerabilities

Friday, December 11, 2015 @ 04:12 PM gHale


Advantech will release updated firmware to fix several vulnerabilities in its EKI devices by the end of this month, according to a report on ICS-CERT.

The vulnerabilities could be exploited remotely. They were discovered by Tod Beardsley of Rapid7, who released the information without coordination with ICS-CERT, the vendor, or any other coordinating entity.

Exploits that target these vulnerabilities are publicly available.

The issues affect Advantech’s EKI-132x platform devices.

Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, to obtain private keys, or to impersonate the authenticated user and perform a man-in-the-middle attack.

Taiwan-based Advantech has distribution offices in 21 countries worldwide.

The EKI-1200 series Modbus gateways are bidirectional gateways for integrating Modbus/RTU and Modbus/ASCII serial devices with TCP/IP network-based devices. The products are used in industrial automation worldwide.

GNU Bash Versions 1.14 through 4.3 process commands placed after function definitions in the values of environment variables, allowing remote attackers to execute arbitrary code via a crafted environment and enabling network-based exploitation. This vulnerability is known as “ShellShock.”

CVE-2014-6271 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 10.0.

Advantech EKI uses Version 1.0.1 of the OpenSSL cryptographic library and Transport Layer Security (TLS) implementation, which is known to be vulnerable to Heartbleed.

CVE-2014-0160 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.5.

A stack-based buffer overflow in the get_packet method in socket.c in dhcpcd 3.2.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long packet.

CVE-2012-2152 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.3.

An attacker with low skill would be able to exploit these vulnerabilities.
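
As an added example (not from ICS-CERT, Rapid7 or Advantech), the following Python script triages version banners extracted from a firmware image against the three component ranges named above, so an asset owner can tell which devices still need the updated firmware. The banner lines and function names are constructed for illustration; the OpenSSL letter range (1.0.1 through 1.0.1f) comes from the upstream Heartbleed advisory rather than from this article.

```python
import re

# Version banners as they might appear in `strings` output from an unpacked
# firmware image. These sample lines are constructed for illustration.
SAMPLE_BANNERS = [
    "GNU bash, version 4.2.45(1)-release (arm-unknown-linux-gnu)",
    "OpenSSL 1.0.1e 11 Feb 2013",
    "OpenSSL 1.0.1g 7 Apr 2014",
    "dhcpcd 3.2.3",
    "dhcpcd 5.6.8",
]

def _nums(version):
    """Turn '4.2.45' into (4, 2, 45) so versions compare numerically."""
    return tuple(int(p) for p in version.split("."))

def check_bash(m):
    # Article: GNU Bash 1.14 through 4.3. Vendors backport fixes, so a hit
    # means "verify the patch level", not proof of exposure.
    return (1, 14) <= _nums(m.group(1))[:2] <= (4, 3)

def check_openssl(m):
    # Heartbleed affects 1.0.1 through 1.0.1f; 1.0.1g carries the fix.
    return m.group(2) in ("", "a", "b", "c", "d", "e", "f")

def check_dhcpcd(m):
    # Article names dhcpcd 3.2.3 specifically.
    return _nums(m.group(1)) == (3, 2, 3)

RULES = [
    ("CVE-2014-6271", re.compile(r"GNU bash, version (\d+(?:\.\d+)+)"), check_bash),
    ("CVE-2014-0160", re.compile(r"OpenSSL (1\.0\.1)([a-z]?)\b"), check_openssl),
    ("CVE-2012-2152", re.compile(r"dhcpcd (\d+(?:\.\d+)+)"), check_dhcpcd),
]

def triage(banners):
    """Return (cve, banner) pairs for banners inside a flagged range."""
    findings = []
    for line in banners:
        for cve, pattern, is_affected in RULES:
            m = pattern.search(line)
            if m and is_affected(m):
                findings.append((cve, line))
    return findings

if __name__ == "__main__":
    for cve, line in triage(SAMPLE_BANNERS):
        print(f"{cve}: {line}")
```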