ENTTEC has Fix for Lighting Controllers

Tuesday, March 26, 2019 @ 03:03 PM gHale

ENTTEC recommends users upgrade to a new version to mitigate a missing authentication for critical function vulnerability in its Datagate MK2, Storm 24, and Pixelator lighting controllers, according to a report with NCCIC.

Successful exploitation of this remotely exploitable vulnerability, discovered by Ankit Anubhav of NewSky Security, could allow an attacker to reboot the device, causing a continual denial of service condition.

ENTTEC reports the vulnerability affects the following products and versions:
• Datagate MK2: all firmware prior to 70044_update_05032019-482
• Storm 24: all firmware prior to 70050_update_05032019-482
• Pixelator: all firmware prior to 70060_update_05032019-482

An unauthenticated user can initiate a remote reboot, which may be used to cause a denial of service condition.

CVE-2019-6542 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.5.

The products mainly see use in the commercial facilities sector and are deployed on a global basis.

No known public exploits specifically target this vulnerability. An attacker with low skill level could leverage the vulnerability.

Australia-based ENTTEC recommends users upgrade to the March 2019 revB firmware or later, which can be downloaded from the following links:
• Datagate MK2 70044_update_05032019-482
• Storm 24 70050_update_05032019-482
• Pixelator 70060_update_05032019-482


