Innominate Patches mGuard Hole

Friday, December 19, 2014 @ 05:12 PM gHale


Innominate Security Technologies produced a firmware patch that mitigates a privilege escalation vulnerability affecting all mGuard devices, according to a report on ICS-CERT.

Innominate mGuard firmware, Version 8.1.3 and prior suffers from the remotely exploitable vulnerability.

RELATED STORIES
Schneider Mitigates ProClima Holes
Siemens Adds More WinCC Fixes
Trihedral Patches Overflow Hole
Yokogawa Patches XML External Entity

Successful exploitation of this vulnerability could allow an authorized administrator to escalate privileges to execute arbitrary commands with root privileges. If the administrator and root privileged user’s roles end up performed by the same individual, this limits the impact of this vulnerability.

Innominate is a German-based company that sells products worldwide through its international partners.

The affected products, the mGuard family of products, are industrial security routers. They are in many critical infrastructure sectors, including communications, critical manufacturing, and healthcare and public health.

An authorized administrator of mGuard products has limited rights to configure the system. This vulnerability could allow an administrator, with restricted privileges, the ability to escalate privileges and execute arbitrary commands with root privileges by specifically configuring Point-to-Point Protocol settings.

CVE-2014-9193 is the case number assigned to this vulnerability, which has a CVSS v2 base score of 8.5.

No known public exploits specifically target this vulnerability, however, an attacker with moderate skill would be able to exploit this vulnerability.

Innominate released firmware patches Version 7.6.6 and Version 8.1.4 that mitigates the vulnerability in the mGuard firmware Version 7 and Version 8, respectively. Innominate recommends users working with firmware versions older than Version 7, which are no longer maintained, to upgrade to mGuard firmware Version 7.6.6 or Version 8.1.4. Innominate also recommends users limit access to the administrative interfaces to a minimum via firewall rules.

For additional information on the vulnerability, click on Innominate’s security advisory.

Innominate’s firmware updates are available on its web site.



Leave a Reply

You must be logged in to post a comment.