New Firmware for Tec4Data SmartCooler

Friday, September 21, 2018 @ 12:09 PM gHale

Tec4Data released new firmware to fix a "missing authentication for critical function" vulnerability in its SmartCooler, according to a report from NCCIC.

Successful exploitation of this vulnerability, discovered by Ankit Anubhav of NewSky Security, could cause the device to shut down.


All versions of SmartCooler, a cooling appliance, prior to firmware 180806 suffer from the remotely exploitable vulnerability.

The device responds to a remote, unauthenticated reboot command, which may be used to perform a denial-of-service attack.

CVE-2018-14796 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.5.

The product is used mainly in the commercial facilities sector and is deployed on a global basis.

No known public exploits specifically target this vulnerability. However, an attacker with low skill level could leverage the vulnerability.

Austria-based Tec4Data released new firmware to address the vulnerability and has distributed the new firmware to affected devices.


