October 28, 2017 Karn Ganeshen

[ICS] JanTek JTC-200 RS232-NET Converter Advisory Published

Vendor: JanTek
Equipment: JTC-200
Vulnerabilities: Cross-site Request Forgery, Improper Authentication

ICS-CERT Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-17-283-02

CVE-ID
CVE-2016-5789
CVE-2016-5791

AFFECTED PRODUCTS
The following versions of JTC-200, a TCP/IP converter, are affected:

  • JTC-200 all versions.

BACKGROUND
Critical Infrastructure Sectors: Critical Manufacturing
Countries/Areas Deployed: Europe and Asia
Company Headquarters Location: Taiwan


IMPACT

Successful exploitation of these vulnerabilities could allow for remote code execution on the device with elevated privileges.

VULNERABILITY OVERVIEW

CROSS-SITE REQUEST FORGERY (CSRF) CWE-352
An attacker could perform actions with the same permissions as a victim user, provided the victim has an active session and is induced to trigger the malicious request.

CVE-2016-5789 has been assigned to this vulnerability. A CVSS v3 base score of 8.0 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H).

IMPROPER AUTHENTICATION CWE-287
The improper authentication could provide undocumented Busybox Linux shell accessible over Telnet service without any authentication.

CVE-2016-5791 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).


Detailed Proof of Concept:

https://ipositivesecurity.com/2016/07/05/rs232-net-converter-model-jtc-200-multiple-vulnerabilities/

+++++

Tagged: , , , , , , , , , ,