Westermo has a series of mitigations available to handle use of hard-coded password and insufficiently protected credentials vulnerabilities in its EDW-100, according to a report with CISA.

Successful exploitation of these remotely exploitable vulnerabilities, discovered by Nicolai Grødum and Sofia Lindqvist of PwC Norway, could allow an attacker to access the device using hardcoded credentials and download cleartext username and passwords.

All versions of Westermo EDW-100, a Serial to Ethernet converter, suffer from the vulnerabilities.

In one issue, Westermo EDW-100 has a hidden administrator account with a hardcoded password. In the firmware package, in “image.bin,” there are a hard-coded and exposed username root and the password for this account an attacker could trivially extract. Currently there is no way to change this password.

CVE-2024-36080 is the case number for this vulnerability, which has a CVSS v3.1 base score of 9.8. There is also a CVSS v4 base score of 9.3.

Schneider Bold

In addition, Westermo EDW-100 allows an unauthenticated GET request that can download the configuration-file that contains the configuration, username, and passwords in clear-text.

CVE-2024-36081 is the case number for this vulnerability, which has a CVSS v3.1 base score of 9.8. There is also a CVSS v4 base score of 9.3.

The product sees use in the energy, water and wastewater systems, and transportation systems sectors. It also sees action on a global basis.

No known exploits target these vulnerabilities. However, an attacker could easily leverage this low complexity vulnerability.

To mitigate the risks associated with these vulnerabilities, Sweden-based Westermo recommends:

Network segregation, perimeter protection, network to network protection, and physical security measures. EDW-100 functions as an industrial serial to ethernet converter. This means EDW-100 does not in itself have any of the protective measures you require in a modern security posture, EDW-100 should not go out on the edge of the network but instead deploy using the techniques mentioned in the IEC 62443 standard.

This means the use of network segregation and perimeter protection which can end up accomplished by for example deploying a firewall and the use of VLANs.

If data needs to flow into, or out of, the security zone containing EDW-100 it is important to have network-to-network protection enabled which for example can end up applied with a Virtual Private Network (VPN).

It is also crucial to have physical security measures put in place as the unit can be vulnerable to physical attacks and tampering. A recommendation to mitigate this risk is to place the unit in a separate enclosure with locks and alarms if it opened outside of normal maintenance.

While the unit’s design characteristics may necessitate extra precautions, implementing the suggested countermeasures ensures a secure deployment that effectively addresses associated risks.

Westermo recommends replacing EDW-100 with Lynx DSS L105-S1. For further reference see 5-Port Managed Industrial Device Server Switch | L105-S1 ᐈ Westermo.

ISSSource

Pin It on Pinterest

Share This