US-based company GarrettCom has produced new firmware versions to mitigate vulnerabilities in Magnum 6k and Magnum 10k product lines. Issues like authentication, denial of service, and cross-site scripting vulnerabilities have been encountered in those versions. All versions prior to 4.5.6 of both the product lines have been affected.
The vulnerabilities can be exploited remotely by executing arbitrary code on the target device.
However, operational environment, architecture, and product implementation are the factors on which the impact on the individual organizations is based.
Researchers have found multiple XSS (cross-site scripting) vulnerabilities in the web server present on the device, which can be exploited by an unauthenticated attacker.
CVE-2015-3960 has been assigned for the vulnerabilities related to the use of hard core credentials. The firmware contains hard-coded RSA private keys and certificate files, which are used by the server for SSH connections and HTTPS connections. There is a hard-coded password for a serial console connected high privileged user.
Memory can be corrupted by issuing a certain form of URL against the device’s web server.
These vulnerabilities can be remotely exploited and no known public exploits specifically target them.
According to the ICS-CERT, the latest versions of GarrettCom Magnum 6K and Magnum 10K software fix these vulnerabilities. Version 4.5.5 was released December 2014, and Version 4.5.6 was released January 2015. Users may download the latest software version and release notes from the following web site:
ICS-CERT recommends that users should perform access control checks to limit the user’s reach of the feature. Use an application firewall to detect XSS attacks. Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.