Detcon SiteWatch Gateway Vulnerability

Tuesday, May 16, 2017 @ 04:05 PM gHale


Detcon no longer sells or maintains its SiteWatch Gateway, which has improper authentication and plaintext storage of a password vulnerabilities, according to a report with ICS-CERT.

Successful exploitation of these remotely exploitable vulnerabilities, discovered by independent researcher Maxim Rupp, may allow remote code execution. An attacker who exploits these vulnerabilities may be able to change settings on the affected product or obtain user passwords.

RELATED STORIES
Schneider Fixes SoMachine HVAC Issue
Schneider Fills VAMPSET Hole
Hanwha Techwin Clears Vulnerability
Indicators Associated with WannaCry

The following versions of Detcon SiteWatch Gateway, an Ethernet Notification System, suffer from the issues:
• All SiteWatch Gateway versions
• Detcon reports Cellular versions do not suffer from the issues

Woodlands, TX-based Detcon no longer sells or maintains the SiteWatch Gateway product. They have attempted to send a notification to all SiteWatch users.

No known public exploits specifically target these vulnerabilities. However, an attacker with low skill level would be able to leverage the vulnerabilities.

In the improper authentication vulnerability, an attacker can edit settings on the device using a specially crafted URL.

CVE-2017-6049 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 9.1.

In addition, passwords are presented in plaintext in a file that is accessible without authentication.

CVE-2017-6047 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 8.6.

The product sees action in the commercial facilities, critical manufacturing, energy, and water and wastewater systems sectors. The product sees use mainly in the United States, Europe and Asia.



Leave a Reply

You must be logged in to post a comment.