IRZ RUH2 Firmware Overwrite Vulnerability

Tuesday, May 17, 2016 @ 04:05 PM gHale


There is a firmware overwrite vulnerability in iRZ’s RUH2 device and since iRZ discontinued the product, it no offers support, according to a report on ICS-CERT.

This vulnerability is remotely exploitable. Exploits that target this vulnerability are publicly available.

RELATED STORIES
Moxa Clears Router Vulnerabilities
Meteocontrol Clears Vulnerabilities
Panasonic Fixes FPWIN Pro Holes
Siemens Updates SIMATIC Vulnerability

RUH2 suffers from the issue.

An attacker could corrupt the firmware of the serial-to-Ethernet converters employed for substation communications and network routers.

iRZ is a Russian-based company that maintains offices in several countries around the world, including China, Iran, Ukraine, Kazakhstan, France, Belgium, Switzerland, Italy, and Spain.

The affected product, RUH2, is a serial-to-network connector system. RUH2s see action across several sectors including commercial facilities, communications, financial services, healthcare and public health. iRZ said this product sees use primarily in Eastern Europe.

Authorized users can remotely update the firmware with an unvalidated patch.

CVE-2016-2309 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 6.1.

Exploits that target this vulnerability are publicly available. An attacker with a low skill would be able to exploit this vulnerability.

iRZ recommends users replace the RUH2 with either the RUH2b or RUH3. Click here for additional information on this vulnerability.