Advantech Patches SSH Key Hole

Friday, November 6, 2015 @ 04:11 PM gHale

Advantech created new firmware to mitigate a hard-coded SSH key vulnerability in its EKI-122X series products, according to a report on ICS-CERT.

This vulnerability, discovered by independent researcher Neil Smith, is remotely exploitable.

New RuggedCom Hole Already Fixed
Infinite Fixes Mango Vulnerabilities
Rockwell Fixes PLC System Holes
Janitza Fixes Multiple Vulnerabilities

The vulnerability affects the following products:
• EKI-136* product line prior to firmware version 1.27
• EKI-132* product line prior to firmware version 1.98
• EKI-122*-BE product line prior to firmware version 1.65

An attacker who exploits this vulnerability may be able to intercept communications to and from this device.

Taiwan-based Advantech has distribution offices in 21 countries worldwide.

The EKI-1200 series Modbus gateways are bidirectional gateways for integrating Modbus/RTU and Modbus/ASCII serial devices to TCP/IP networked-based devices. These products see action in industrial automation globally.

The firmware contains hard-coded SSH keys the user cannot change.

CVE-2015-6476 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 6.5.

No known public exploits specifically target this vulnerability. An attacker with a low skill would be able to exploit this vulnerability.

Advantech released new firmware in October to mitigate this vulnerability.

For the EKI 122*-BE (v1.65) and EKI-136* (v1.27) product lines, HTTPS and SSH ends up disabled.

For the EKI 132* (v1.98) product line, additional configurations ended up added in to allow customization for the HTTPS and SSH keys. Users may download the latest firmware from the following locations on Advantech’s web site: