Menu
Advantech industrial serial-to-Internet gateways wide open to unauthorized access

Advantech industrial serial-to-Internet gateways wide open to unauthorized access

The firmware contains a heavily modified SSH server that accepts any password or authentication key, researchers found

Internet-connected industrial devices could be accessible to anyone, with no password, thanks to a coding error by a gateway manufacturer.

Taiwanese firm Advantech patched the firmware in some of its serial-to-IP gateway devices in October to remove a hard-coded SSH (Secure Shell) key that would have allowed unauthorized access by remote attackers.

But it overlooked an even bigger problem: Any password will unlock the gateways, which are used to connect legacy serial devices to TCP/IP and cellular networks in industrial environments around the world.

Researchers from security firm Rapid7 discovered the vulnerability in the revised firmware, version 1.98, released for the Advantech EKI-1322 Internet protocol (IP) gateway which can connect serial and Ethernet devices to a cellular network.

 

The firmware contains an open-source SSH server called Dropbear that has been heavily modified. As a result of these modifications, it no longer enforces authentication, allowing any user to connect to it with any public key and password, the Rapid7 researchers said in an advisory.

In addition, there might be another backdoor account built in with a hard-coded password, separate from the previously found and removed SSH key, the researchers said.

The new issue was fixed in version 2.00 of the firmware for EKI-1322, released on Dec. 30. Users are advised to update to this version as soon as possible.

Even though only the EKI-1322 firmware was tested, the Rapid7 researchers believe that the same authentication bypass flaw might exist in all other Advantech EKI serial-to-IP gateways.

Advantech advertises such products as a simple way to bring remote management and data accessibility to thousands of industrial devices that cannot natively connect to TCP/IP networks.

However, vulnerabilities like this one highlight the risks of connecting such sensitive equipment to the Internet and the importance of strong network segmentation policies in industrial environments.

Subscribe here for up-to-date channel news

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Featured

Slideshows

StorageCraft celebrates high achievers at its inaugural A/NZ Partner Awards

StorageCraft celebrates high achievers at its inaugural A/NZ Partner Awards

Revealed at a glitzy bash in Sydney at the Ivy Penthouse, the first StorageCraft Partner Awards locally saw the vendor honour its top-performing partners with ASI Solutions, SMBiT Pro, Webroot, ACA Pacific and Soft Solutions New Zealand taking home the top awards. Photos by Maria Stefina.

StorageCraft celebrates high achievers at its inaugural A/NZ Partner Awards
Kiwi resellers make a splash on Synnex and Lenovo RotoVegas road trip

Kiwi resellers make a splash on Synnex and Lenovo RotoVegas road trip

​Synnex and Lenovo hosted 18 resellers for an action-packed weekend adventure in RotoVegas, taking in white water rafting on the Kaituna River, as well as quad biking and dinner at Stratosfare​, overlooking Lake Rotorua at the top of Mount Ngongotaha​. Photos by Synnex.

Kiwi resellers make a splash on Synnex and Lenovo RotoVegas road trip
Show Comments