Multiple vulnerabilities in Horner Automation Remote Compact Controller 972



Published: 2022-12-02
Risk High
Patch available YES
Number of vulnerabilities 3
CVE-ID CVE-2022-2640
CVE-2022-2641
CVE-2022-2642
CWE-ID CWE-326
CWE-321
CWE-1108
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
RCC 972
Hardware solutions / Routers & switches, VoIP, GSM, etc

Vendor Horner Automation

Security Bulletin

This security bulletin contains information about 3 vulnerabilities.

1) Inadequate Encryption Strength

EUVDB-ID: #VU69830

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-2640

CWE-ID: CWE-326 - Inadequate Encryption Strength

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the config-files are encrypted with weak XOR encryption. A remote attacker can obtain credentials to run services such as File Transfer Protocol (FTP) and Hypertext Transfer Protocol (HTTP).

Mitigation

Install updates from vendor's website.

Vulnerable software versions

RCC 972: 15.40

External links

http://ics-cert.us-cert.gov/advisories/icsa-22-335-02


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Use of Hard-coded Cryptographic Key

EUVDB-ID: #VU69831

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-2641

CWE-ID: CWE-321 - Use of Hard-coded Cryptographic Key

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the affected product has a static encryption key on the device. A remote attacker can execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

RCC 972: 15.40

External links

http://ics-cert.us-cert.gov/advisories/icsa-22-335-02


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Excessive Reliance on Global Variables

EUVDB-ID: #VU69832

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-2642

CWE-ID: CWE-1108 - Excessive Reliance on Global Variables

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the affected device contains global variables. A remote attacker can read out sensitive values and variable keys from the device.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

RCC 972: 15.40

External links

http://ics-cert.us-cert.gov/advisories/icsa-22-335-02


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###