AMX Updates Multiple Vulnerabilities

Friday, March 3, 2017 @ 03:03 PM gHale


After just over a year, there is an update to the public report of credential management vulnerabilities in multiple AMX multimedia devices, according to a report with ICS-CERT.

AMX confirmed the existence of hard-coded passwords in multiple products. AMX produced patches and new product versions to mitigate the vulnerabilities in the affected products. AMX also released new product versions to mitigate the remaining credential management vulnerability in their affected products.

RELATED STORIES
Siemens Multi-Product Vulnerability Fixes
Eaton Fixes Interface Vulnerability
Schneider Mitigates Conext ComBox Hole
Siemens Fixes SINUMERIK Hole
Schneider Clears Old Modicon PLC Hole

These vulnerabilities are remotely exploitable. Exploits that target these vulnerabilities are publicly available.

The following AMX multimedia devices suffer from the vulnerability labeled CVE-2015-8362:
• NX-1200, NX-2200, NX-3200, NX-4200 NetLinx Controller, versions prior to Version 1.4.65
• Massio ControlPads MCP-10x, versions prior to Version 1.4.65
• Enova DVX-x2xx, versions prior to Version 1.4.65
• DVX-31xxHD-SP (-T), versions prior Version 4.8.331
• DVX-21xxHD-SP (-T), versions prior Version 4.8.331
• DVX-2100HD-SP-T Master, versions prior to Version 4.1.420 (Hotfix firmware version)
• Enova DGX 100 NX Series Master, versions prior to Version 1.4.72 (Hotfix firmware version)
• Enova DGX 8/16/32/64 NX Series Master, versions prior to Version 1.4.72 (Hotfix firmware version)
• Enova DGX 8/16/32/64 NI Series Master, versions prior to Version 4.2.397 (Hotfix firmware version)
• NI-700, NI-900 Master Controllers (64M RAM), versions prior to Version 4.1.419
• NI-700, NI-900 Master Controllers (32M RAM), versions prior to Version 3.60.456 (Hotfix firmware version)
• NI-2100, NI-3100, NI-4100, NI-2100 with ICSNet, NI-3100 with ICSNet, NI-3100/256
• NI-3100/256 with ICSNet, NI-4100/256, versions prior to Version 4.1.419
• NI-3101-SIG Master Controller, versions prior to Version 4.1.419
• NI-2000, NI-3000, NI-4000, versions prior to Version 3.60.456 (Hotfix firmware version)
• ME260/64 Duet, versions prior to Version 3.60.456 (Hotfix firmware version)

The following AMX multimedia devices suffer from the vulnerability labeled CVE-2016-1984:
• NX-1200, NX-2200, NX-3200, NX-4200 NetLinx Controller, Version 1.4.65 and Version 1.4.66 (Hotfix firmware version)
• Massio ControlPads MCP-10x, Version 1.4.65 and Version 1.4.66 (Hotfix firmware version)
• Enova DVX-x2xx, Version 1.4.65 and Version 1.4.72 (Hotfix firmware version)
• Enova DGX 100 NX Series Master, Version 1.4.72 (Hotfix firmware version)
• Enova DGX 8/16/32/64 NX Series Master, Version 1.4.72 (Hotfix firmware version)

Successful exploitation of these vulnerabilities may allow an attacker to remotely gain access to the affected systems with elevated privileges to configure user interfaces, change device settings, upload files, and download files.

AMX is part of the Harman Professional Division, which provides audio and video solutions for IT environments. AMX is a U.S.-based company headquartered in Dallas, Texas.

The affected products see use for audio and video automation in conference rooms and classrooms. According to AMX, these products see action across the commercial facilities and government facilities sectors. AMX estimates these products see use on a global basis.

Affected devices contain a hard-coded password for a diagnostic account with elevated privileges that can end up used to configure user settings, device settings, upload files, and download files.

CVE-2015-8362 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 9.9.

Affected devices contain a hard-coded password for an account that has privileges to exchange Internet Control System Protocol (ICSP) messages, which can end up accessed via Port 1319/TCP and UDP. AMX reports this hard-coded password affects firmware Version 1.4.x.

CVE-2016-1984 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 5.8 assigned by AMX.

An attacker with a low skill would be able to exploit these vulnerabilities.

AMX reported the release of standard firmware versions and Hotfix firmware versions, which mitigates vulnerability, CVE-2015-8362, in the affected products. Click here for AMX’s standard firmware releases for affected products.

AMX’s Hotfix firmware versions should mitigate vulnerability, CVE-2015-8362, until standard firmware versions are available. AMX’s Hotfix firmware versions are available through AMX Tech Support.

AMX said older devices may require interim firmware updates if the currently installed firmware is older than the versions listed in the dependencies columns. For more information read the Product Release Notes or contact AMX Tech Support.

The credential management vulnerability, CVE-2016-1984, affects firmware Versions 1.4.65 through 1.4.72. AMX released firmware to mitigate these vulnerabilities. The following software versions should end up applied to mitigate the credential management vulnerability:
• AMX Enova DVX Product Line:
Master 1.5.68 (or newer)
Switcher 1.7.54 (or newer)
• AMX Enova DGX Product Line:
Master 1.5.68 (or newer)
Switcher 3.2.19 (or newer)

AMX’s standard firmware releases for affected products are available for download at the following URL, with a valid account.



Leave a Reply

You must be logged in to post a comment.