Kunbus PR100088 Modbus Gateway Fixed

Tuesday, February 5, 2019 @ 11:02 PM gHale

Kunbus has a fix for improper authentication, missing authentication for critical function, and improper input validation in its PR100088 Modbus gateway, according to a report with NCCIC.

Successful exploitation of these remotely exploitable vulnerabilities, discovered by Nicolas Merle of Applied Risk, could allow an attacker to achieve remote code execution and/or cause a denial-of-service condition.

PR100088 Modbus gateway: All versions prior to Release R02 (or Software Version 1.1.13166) suffer from the issues.

In one vulnerability, an attacker may be able to change the password for an admin user who is currently or previously logged in, provided the device has not been restarted.

CVE-2019-6527 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 9.6.

In addition, registers used to store Modbus values can be read and written from the web interface without authentication.

CVE-2019-6533 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 10.0.

Also, an attacker could specially craft an FTP request that could crash the device.

CVE-2019-6529 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 4.9.

The product is used mainly in the communication sector and is deployed on a global basis.

No known public exploits specifically target these vulnerabilities. However, an attacker with low skill level could leverage the vulnerabilities.

Germany-based Kunbus recommends the following:
• Update to Version R02; installation instructions can be found in the readme file included in the download.
• These devices are not intended to be used in a public network. Rather, these devices are intended for use in an industrial environment with a protected network architecture.


