05 October 2018
Critical vulnerabilities in Entes EMG 12 converters
Critical vulnerabilities have been identified in Entes EMG 12 series of protocol converters. Successful exploitation of these vulnerabilities could allow attackers to gain unauthorized access to the devices and could allow the ability to change device configuration and settings.
The vulnerabilities are due to security flaws in the web interface of EMG12 Ethernet Modbus Gateway devices with firmware versions 2.57 or prior.
One vulnerability, CVE-2018-14826, is caused by an improper implementation of the authentication mechanism. An attacker could exploit this vulnerability to bypass authentication with a specially crafted URL, which could allow for remote code execution.
The second vulnerability, CVE-2018-14822, could also enable an attacker to execute arbitrary code by impersonating a legitimate user. This is an information exposure through query strings vulnerability.
The above issues were assigned CVSS v.3 base scores of 9.8 and 9.1, respectively.
The vendor recommends that users update to the latest available firmware version, which addresses these vulnerabilities.
Threats to ICS and industrial enterprises in 2022 as they are foreseen from November 2021
23 November 2021
Good old buffer overflow
31 March 2021
Network Asset Traversal or NATural disaster: NAT Slipstreaming 2.0
30 March 2021