Phoenix Broadband Mitigates BMS Hole

Thursday, June 1, 2017 @ 01:06 PM gHale


Phoenix Broadband Technologies LLC released updated firmware to mitigate a hard-coded password vulnerability in its PowerAgent SC3 Site Controller, a remote battery monitoring system (BMS), according to a report from ICS-CERT.

All versions of the PowerAgent SC3 BMS prior to v6.87 suffer from the remotely exploitable issue, discovered by Iñaki Rodríguez, who tested the patch.

Successful exploitation of this vulnerability may allow unauthorized access to the battery monitoring system.

The battery monitoring system sees use in the communications, energy, government facilities, information technology, and transportation systems sectors. It sees action on a global basis.

No known public exploits specifically target this vulnerability. However, an attacker with low skill level would be able to leverage the vulnerability.

Use of a hard-coded password may allow unauthorized access to the device.

CVE-2017-6039 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 5.3.

Hatfield, PA-based Phoenix Broadband Technologies LLC issued updated firmware v6.87 to address this vulnerability. Users can obtain the new firmware by contacting Phoenix Broadband Technologies LLC.


