Rewterz Threat Advisory – ICS : Johnson Controls Kantech KT-1 Door Controller
September 13, 2021Rewterz Threat Advisory – Multiple QNAP Security Vulnerabilities
September 13, 2021Rewterz Threat Advisory – ICS : Johnson Controls Kantech KT-1 Door Controller
September 13, 2021Rewterz Threat Advisory – Multiple QNAP Security Vulnerabilities
September 13, 2021Severity
High
Analysis Summary
CVE-2019-14925
The affected products store and reads configuration settings from a file that has insecure world-readable permissions assigned. This could allow all users on the system to read the configuration file containing usernames and plain text password combinations, as well as other sensitive configuration information of the RTU.
CVE-2019-14926
Hard-coded SSH keys have been identified in the affected product’s firmware. As the secure keys cannot be regenerated by a user and are not regenerated on firmware updates, all deployed affected products utilize the same SSH keys.
CVE-2019-14927
It is possible to download the affected product’s configuration file, which contains sensitive data, through the URL.
CVE-2019-14928
The affected product’s web configuration software allows an authenticated user to inject malicious data into the application that can then be executed in a victim’s browser, allowing stored cross-site scripting.
CVE-2019-14929
The affected products store password credentials in plain text in a configuration file. An unauthenticated user can obtain the exposed password credentials to gain access to the specific services.
CVE-2019-14930
The affected products contain undocumented user accounts with hard-coded password credentials. An attacker could exploit this vulnerability by using the accounts to login to affected RTU’s.
CVE-2019-14931
The affected product allows an attacker to execute arbitrary commands due to the passing of unsafe user-supplied data to the system shell.
Impact
- Unauthorized Access
- Code Execution
- Credential Theft
- Cross-site Scripting
Affected Vendors
Mitsubishi Electric
Affected Products
- smartRTU and INEA ME-RTU: All firmware versions prior to Version 3.3
Remediation
Refer to ICS Advisory for the patch, upgrade, or suggested workaround information.