B+B SmartWorx Fixes Bypass Hole

Thursday, February 18, 2016 @ 04:02 PM gHale

B+B SmartWorx created an implementation plan to mitigate an authentication bypass vulnerability in its VESP211 serial servers, according to a report on ICS-CERT.

Successful exploitation of this vulnerability could allow attackers to perform administrative operations over the network without authentication.

The following VESP211 serial servers suffer from the remotely exploitable vulnerability discovered by independent researcher Maxim Rupp:
• Model: VESP211-EU, Firmware Version: 1.7.2
• Model: VESP211-232, Firmware Version: 1.7.2
• Model: VESP211-232, Firmware Version: 1.5.1

B+B SmartWorx is a U.S.-based company that has additional offices in Ireland and the Czech Republic. In January, B+B SmartWorx merged with Advantech, a Taiwan-based company.

The affected products, VESP211 serial servers, are an interface for connecting serial devices to an Ethernet network. VESP211 serial servers see action across several sectors including energy, telecommunications, and transportation. B+B SmartWorx estimates these products see use primarily in North America with a smaller percentage in Europe and South America.

The web interface uses JavaScript to check for client authentication and redirect unauthorized users to a login page. By intercepting and changing requests, an unauthenticated user may bypass authentication and access restricted pages.
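
The difference between a script-based check in the page and enforcement on the server, as an added example that is not B+B SmartWorx code. The page names, the `sid` cookie, the session store and both handlers are hypothetical, modelled in plain JavaScript with no network access.

```javascript
// Constructed model of a device web UI. All names and values are hypothetical.
const SESSIONS = new Set(["constructed-session-id"]);
const ADMIN_PAGE = "<h1>Serial port settings</h1>";

// True only when the request carries a session id the server itself issued.
function hasSession(req) {
  const m = /(?:^|;\s*)sid=([^;]+)/.exec(req.headers.cookie || "");
  return m !== null && SESSIONS.has(m[1]);
}

// Weak pattern: the restricted page is always sent, and a script inside it
// is trusted to redirect clients that are not logged in.
function weakHandler(req) {
  const guard =
    "<script>if(!document.cookie.includes('sid='))location='/login.html'</script>";
  return { status: 200, headers: {}, body: guard + ADMIN_PAGE };
}

// Hardened pattern: the session is validated on the server before any
// restricted content is placed in the response.
function hardenedHandler(req) {
  if (!hasSession(req)) {
    return { status: 302, headers: { Location: "/login.html" }, body: "" };
  }
  return { status: 200, headers: {}, body: ADMIN_PAGE };
}

// Regression check for a test suite: restricted markup must not appear in the
// response body for a request with no cookie or with a cookie the server
// never issued. A client is free to ignore scripts and redirects in the body.
function auditHandler(handler) {
  const probe = (cookie) => {
    const headers = cookie ? { cookie } : {};
    return handler({ path: "/admin.html", headers }).body.includes(ADMIN_PAGE);
  };
  return {
    leaksWithoutCookie: probe(null),
    leaksWithUnknownCookie: probe("sid=not-issued-by-server"),
    servesValidSession: probe("sid=constructed-session-id"),
  };
}

console.log("weak:", auditHandler(weakHandler));
console.log("hardened:", auditHandler(hardenedHandler));
```
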

CVE-2016-2275 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 9.8.

No known public exploits specifically target this vulnerability. An attacker with low skill would be able to exploit this vulnerability.

Advantech/B+B recommends users only operate VESP211 serial servers behind a local network firewall.