The affected products store and read configuration settings from a file that has insecure world-readable permissions assigned. This could allow all users on the system to read the configuration file containing usernames and plain text password combinations, as well as other sensitive configuration information of the RTU.
Hard-coded SSH keys have been identified in the affected product’s firmware. As the secure keys cannot be regenerated by a user and are not regenerated on firmware updates, all deployed affected products utilize the same SSH keys.
It is possible to download the affected product’s configuration file, which contains sensitive data, through the URL.
The affected product’s web configuration software allows an authenticated user to inject malicious data into the application that can then be executed in a victim’s browser, allowing stored cross-site scripting.
The affected products store password credentials in plain text in a configuration file. An unauthenticated user can obtain the exposed password credentials to gain access to the specific services.
The affected products contain undocumented user accounts with hard-coded password credentials. An attacker could exploit this vulnerability by using the accounts to log in to affected RTUs.
The affected product allows an attacker to execute arbitrary commands due to the passing of unsafe user-supplied data to the system shell.
Refer to ICS Advisory for the patch, upgrade, or suggested workaround information.
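Because the hard-coded SSH keys described above are identical on every deployed unit, an asset owner can find affected devices by grouping SSH host-key fingerprints across an inventory scan. The following is an added example, not code from the advisory or the vendor; it assumes input in `ssh-keyscan` output format, and the host names and key blobs are constructed for illustration.

```python
import base64
import hashlib
from collections import defaultdict


def _blob(seed: bytes) -> str:
    """Build a constructed, structurally valid ssh-ed25519 public key blob."""
    raw = b"\x00\x00\x00\x0bssh-ed25519\x00\x00\x00\x20" + hashlib.sha256(seed).digest()
    return base64.b64encode(raw).decode()


# Constructed sample scan: two hosts share one key, one host is unique,
# and one line is malformed. None of these are real device keys.
SAMPLE_SCAN = "\n".join([
    "# constructed sample in ssh-keyscan format: <host> <key-type> <base64-blob>",
    f"rtu-a.example ssh-ed25519 {_blob(b'factory-key')}",
    f"rtu-b.example ssh-ed25519 {_blob(b'factory-key')}",
    f"rtu-c.example ssh-ed25519 {_blob(b'regenerated-key')}",
    "rtu-d.example ssh-ed25519 not*base64",
])


def fingerprint(b64_blob: str) -> str:
    """Return the OpenSSH-style SHA256 fingerprint of a public key blob."""
    digest = hashlib.sha256(base64.b64decode(b64_blob, validate=True)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def parse_keyscan(text: str):
    """Yield (host, key_type, fingerprint); skip comments, blanks, bad lines."""
    for line in text.splitlines():
        parts = line.strip().split()
        if len(parts) < 3 or parts[0].startswith("#"):
            continue
        try:
            yield parts[0], parts[1], fingerprint(parts[2])
        except ValueError:  # binascii.Error is a ValueError subclass
            continue


def shared_host_keys(text: str) -> dict:
    """Map (key_type, fingerprint) to the sorted hosts that present the same key."""
    groups = defaultdict(set)
    for host, key_type, fp in parse_keyscan(text):
        groups[(key_type, fp)].add(host)
    return {k: sorted(v) for k, v in groups.items() if len(v) > 1}


if __name__ == "__main__":
    for (key_type, fp), hosts in shared_host_keys(SAMPLE_SCAN).items():
        print(f"{key_type} {fp} shared by: {', '.join(hosts)}")
```

Any group this reports is a set of devices presenting the same host key, which is the condition the advisory describes for affected firmware.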