No Fixes for Adcon Telemetry A840 Holes

Wednesday, December 16, 2015 @ 10:12 AM gHale


There will be no patches or updates for users of Adcon Telemetry’s vulnerable A840 Telemetry Gateway Base Station as the company said it is an obsolete product and no longer supported, according to a report on ICS-CERT.

Instead, Adcon Telemetry will send a message to all known customers to offer to upgrade to a more secure and stable version.

RELATED STORIES
Open Automation Software Hole
Advantech EKI Vulnerabilities
No Patch from Pacom, but New Version Fixed
Wind Turbine Vulnerability Patched

These vulnerabilities, discovered by Independent researcher Aditya K. Sood, are remotely exploitable.

All versions of the A840 Telemetry Gateway Base Station suffer from the vulnerabilities.

An attacker can gain administrative access to the target by exploiting these vulnerabilities.

Adcon Telemetry is an Austria-based company that maintains offices in several countries around the world, including the U.S., Germany, and Austria.

The affected product, A840 Telemetry Gateway Base Station, is a wireless telemetry system. The A840 Telemetry Gateway Base Stations see action across several sectors including commercial facilities, critical manufacturing, water and wastewater systems, and others. Adcon Telemetry estimates this product sees use primarily in the United States and Europe.

An attacker can log into the device using the hard-coded credentials that grant administrative access. Administrative credentials allow users to change device settings and read and write to the file system. This could result in a loss of confidentiality, integrity, or availability.

CVE-2015-7930 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 10.0.

There is also an improper authentication issue where the system does not support SSL for encrypting network level communication. Because the support is not available in the Java client, the network communication is plaintext, and all data end up transmitted in plaintext.

CVE-2015-7931 is the case number for this vulnerability, which has a CVSS v3 base score of 10.0.

In addition, because there is no SSL support, all the communication ends up unencrypted making it easily readable over the network.

CVE-2015-7932 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 8.6.

Also, the Java client used in A840 gateway systems reveals the full path of log files on the server.

CVE-2015-7934 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 8.6.

No known public exploits specifically target these vulnerabilities. An attacker with a low skill would be able to exploit these vulnerabilities.



Leave a Reply

You must be logged in to post a comment.