GAIN Fixes SAGA1-L Series Holes

Tuesday, October 23, 2018 @ 04:10 PM gHale

GAIN Electronic Co. Ltd has new firmware to offset multiple vulnerabilities in its SAGA1-L series, according to a report from NCCIC.

The vulnerabilities are an authentication bypass by capture-replay, improper access control, and improper authentication. The vulnerabilities are exploitable from an adjacent network.


Successful exploitation of these vulnerabilities, discovered by Marco Balduzzi, Philippe Z Lin, Federico Maggi, Jonathan Andersson, Urano Akira, Stephen Hilt, and Rainer Vosseler working with Trend Micro’s Zero Day Initiative, could allow remote code execution and potentially delete the product’s firmware.

SAGA1-L8B: All firmware versions prior to A0.10 suffer from the vulnerabilities.

In one issue, the product is vulnerable to a replay attack and command forgery.

CVE-2018-17903 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 8.3.

The improper access control issue may allow an attacker to force-pair the device without human interaction.

CVE-2018-20783 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.5.

In the improper authentication issue, an attacker with physical access to the product may be able to reprogram it.

CVE-2018-17923 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 6.1.

The product sees action mainly in the communications sector. It also sees use in the United States.

No known public exploits specifically target these vulnerabilities. However, an attacker with low skill level could leverage the vulnerabilities.

Taiwan-based GAIN Electronic Co. Ltd recommended that users update to firmware version A0.10. The new firmware can be obtained through a distributor.


