N-Tron Encryption Key Vulnerability

Tuesday, June 9, 2015 @ 04:06 PM gHale

There is a hard-coded SSH and HTTPS encryption key vulnerability in N-Tron’s 702-W Industrial Wireless Access Point device, according to a report on ICS-CERT.

The vulnerability, discovered by independent researcher Neil Smith of (ZeroFox) Riskive Security, could allow an attacker to compromise communications and the integrity of the device.

N-Tron is aware of the reported vulnerability, but ICS-CERT has not been able to successfully coordinate this issue with N-Tron or its parent company Red Lion because of the vendor’s unresponsiveness.

At this point there is no fix, patch, or update by N-Tron that mitigates this remotely exploitable vulnerability, ICS-CERT said. ICS-CERT sent out an advisory to inform users of the potential risk of using this equipment and to encourage them to increase compensating measures where possible.

All versions of the N-Tron 702-W Industrial Wireless Access Point suffer from the issue.

The SSH and HTTPS private keys used for secure communication can be copied from the device, and the keys are the same on every device. Users do not have the ability to generate a new private key. With these keys, an attacker can intercept communications to and from these devices and completely compromise the confidentiality and integrity of the transmitted data.

Spectris plc is a United Kingdom-based instrumentation and controls company that acquired N-Tron on October 1, 2010, and is working closely with its Red Lion Controls subsidiary. In February 2013, Red Lion, Sixnet, and N-Tron combined under the Red Lion brand. N-Tron is a Mobile, AL-based company that has representatives around the world, including Canada, China, India, Switzerland, and the United Kingdom.

N-Tron products see action across several sectors, including commercial facilities; energy; nuclear reactors, materials, and waste; transportation systems; and water and wastewater systems. N-Tron estimates these products see use in over 50 countries worldwide.

The SSH and HTTPS private keys used for secure traffic communication are hard-coded on the device and are not unique. An attacker can use these keys from one device to decrypt traffic from any other device. Users do not have the ability to generate new keys for the device. An attacker has the ability to use the key to completely compromise the confidentiality and integrity of the wireless traffic.
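Because the affected devices all present the same SSH host key, the shared key is visible to a defender without any access to the device's private material: the public half is what every client receives at connection time. The following script is an added example, not part of the ICS-CERT advisory or any N-Tron or Red Lion tooling. It parses lines in the format that `ssh-keyscan` prints (`host keytype base64-blob`), computes the OpenSSH-style SHA256 fingerprint of each host key, and reports any fingerprint that appears on more than one host, which is exactly the symptom described above. The three device addresses and the key bytes are constructed for the example; on a real network you would feed it the saved output of `ssh-keyscan` run against your own inventory.

```python
import base64
import hashlib
import struct
from collections import defaultdict


def ssh_wire_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire-format string (4-byte big-endian length + data)."""
    return struct.pack(">I", len(data)) + data


def make_ed25519_blob(raw32: bytes) -> str:
    """Build the base64 body of an ssh-ed25519 host key line from a 32-byte public value.

    Only used here to construct sample input; real input comes from ssh-keyscan.
    """
    blob = ssh_wire_string(b"ssh-ed25519") + ssh_wire_string(raw32)
    return base64.b64encode(blob).decode()


def fingerprint(b64_blob: str) -> str:
    """OpenSSH-style fingerprint: 'SHA256:' + unpadded base64 of SHA-256 over the key blob."""
    digest = hashlib.sha256(base64.b64decode(b64_blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


# Constructed sample resembling `ssh-keyscan -t ed25519` output for three devices.
# The key bytes are made up; the first two hosts deliberately share one key.
SHARED_KEY = bytes(range(32))
UNIQUE_KEY = bytes(reversed(range(32)))
SAMPLE_KEYSCAN = "\n".join([
    "# 10.0.0.11:22 SSH-2.0-OpenSSH (constructed comment line)",
    f"10.0.0.11 ssh-ed25519 {make_ed25519_blob(SHARED_KEY)}",
    f"10.0.0.12 ssh-ed25519 {make_ed25519_blob(SHARED_KEY)}",
    f"10.0.0.13 ssh-ed25519 {make_ed25519_blob(UNIQUE_KEY)}",
])


def parse_keyscan(text: str):
    """Yield (host, keytype, fingerprint) for each data line of ssh-keyscan output."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # ssh-keyscan writes banner/comment lines starting with '#'
        parts = line.split()
        if len(parts) < 3:
            continue  # malformed line; skip rather than crash on partial captures
        host, keytype, blob = parts[0], parts[1], parts[2]
        yield host, keytype, fingerprint(blob)


def find_shared_keys(text: str) -> dict:
    """Return {(keytype, fingerprint): [hosts, ...]} for keys seen on more than one host."""
    seen = defaultdict(list)
    for host, keytype, fp in parse_keyscan(text):
        seen[(keytype, fp)].append(host)
    return {key: hosts for key, hosts in seen.items() if len(hosts) > 1}


if __name__ == "__main__":
    for (keytype, fp), hosts in find_shared_keys(SAMPLE_KEYSCAN).items():
        print(f"{keytype} {fp} is shared by {len(hosts)} hosts: {', '.join(hosts)}")
```

A hit from this script does not by itself prove a hard-coded vendor key (cloned VM images and restored backups produce the same symptom), but any host key shared across separately deployed devices means a compromise of one device's key exposes the others' SSH sessions, so each such group should be regenerated or, where the firmware offers no way to do so, isolated on the network until the vendor provides a fix.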

CVE-2012-4716 is the case number assigned to this vulnerability, which has a CVSS v2 base score of 8.8.

No known public exploits specifically target this vulnerability. An attacker with low skill would be able to exploit it.

ICS-CERT recommends users contact N-Tron customer support with further questions and for mitigation strategies.