IniNet Fixes Cleartext Vulnerability

Wednesday, October 21, 2015 @ 03:10 PM gHale

IniNet Solutions GmbH created a new version that mitigates a cleartext storage of sensitive information vulnerability in its embeddedWebServer (eWebServer), according to a report on ICS-CERT.

IniNet Solutions’ eWebServer for Windows CE, versions prior to Version 2.02 suffer from the issue, discovered by Aleksandr Timorin of Positive Technologies.


IniNet Solutions’ eWebServer is a third-party software used in industrial control system devices. ICS-CERT is working with vendors to identify affected products that incorporate vulnerable versions of eWebServer.

The IniNet Solutions eWebServer is in the following Baumüller products:
• Baumüller Box PC bmaXX PCC BMP-03-0000, firmware Version 2015-03-11_PCC-03_v1.6
• Baumüller Box PC bmaXX PCC BMP-03-120R, firmware Version 2015-03-11_PCC-03_v1.6
• Baumüller Box PC bmaXX PCC BMP-03-150R, firmware Version 2015-03-11_PCC-03_v1.6

The IniNet Solutions’ eWebServer is compatible and used with the following Beckhoff products:
• Beckhoff Embedded PC, series CX1010
• Beckhoff Embedded PC, series CX1020
• Beckhoff Embedded PC, series CX1030
• Beckhoff Embedded PC, series CX2000
• Beckhoff Embedded PC, series CX5100
• Beckhoff Embedded PC, series CX5000
• Beckhoff Embedded PC, series CX9000
• Beckhoff Embedded PC, series CX9010
• Beckhoff CX9020, Basic CPU module
• Beckhoff Embedded PC CX8090

Successful exploitation of the vulnerability in eWebServer could compromise the confidentiality of the system.

IniNet Solutions GmbH is a Switzerland-based company.

The affected product, eWebServer, is a third-party web-based server software. According to IniNet Solutions, eWebServer sees action across several industries including building automation. IniNet Solutions GmbH said this product sees use mainly in Europe.

The eWebServer stores passwords in cleartext.
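The weakness reported here is credential storage in cleartext. As an added illustration (not IniNet's or Beckhoff's code, and the store format and names below are assumed), the vulnerable pattern is shown beside a hardened store that keeps only a salted PBKDF2-HMAC-SHA256 digest, verifies with a constant-time comparison, and can audit a store for leftover cleartext records:

```python
"""Constructed example: cleartext credential store vs. salted-hash store."""
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumption: current cost factor; tune for the device
RECORD_PREFIX = "pbkdf2_sha256$"


def store_cleartext(users: dict, name: str, password: str) -> None:
    """The vulnerable pattern: the secret itself is written to the store."""
    users[name] = password


def store_hashed(users: dict, name: str, password: str) -> None:
    """Hardened pattern: store salt and PBKDF2 digest, never the password."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    users[name] = f"{RECORD_PREFIX}{PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify(users: dict, name: str, password: str) -> bool:
    """Recompute the digest with the stored salt; compare in constant time."""
    record = users.get(name)
    if record is None:
        return False
    try:
        algo, iters, salt_hex, digest_hex = record.split("$")
    except ValueError:  # malformed or cleartext record: never accept it
        return False
    if algo + "$" != RECORD_PREFIX:
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iters)
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def cleartext_entries(users: dict) -> list:
    """Audit helper: names whose record does not follow the hashed format."""
    return [n for n, r in users.items() if not r.startswith(RECORD_PREFIX)]
```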

CVE-2015-1005 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 4.3.

This vulnerability is not exploitable remotely and no known public exploits specifically target this vulnerability. However, an attacker with low skill would be able to exploit this vulnerability.

IniNet Solutions GmbH has a new version of eWebServer, Version 2.02, that mitigates the vulnerability. Users can obtain the new version by contacting IniNet Solutions GmbH.

Baumüller said the three affected products will be retired in December this year, and no patches are planned for these products. Baumüller recommends asset owners contact them to discuss intermediate response options.


Asset owners of an identified Beckhoff product should determine if a vulnerable version of eWebServer is in use. Asset owners using a vulnerable version of eWebServer should contact their supplier or IniNet Solutions GmbH to obtain a new version of eWebServer. Beckhoff said IniNet Solutions products are not Beckhoff products: eWebServer is application software by a third-party vendor, developed and sold independently of Beckhoff. Beckhoff said its standard products do not suffer from the issue.