Menu
Advantech industrial serial-to-Internet gateways wide open to unauthorized access

Advantech industrial serial-to-Internet gateways wide open to unauthorized access

The firmware contains a heavily modified SSH server that accepts any password or authentication key, researchers found

Internet-connected industrial devices could be accessible to anyone, with no password, thanks to a coding error by a gateway manufacturer.

Taiwanese firm Advantech patched the firmware in some of its serial-to-IP gateway devices in October to remove a hard-coded SSH (Secure Shell) key that would have allowed unauthorized access by remote attackers.

But it overlooked an even bigger problem: Any password will unlock the gateways, which are used to connect legacy serial devices to TCP/IP and cellular networks in industrial environments around the world.

Researchers from security firm Rapid7 discovered the vulnerability in the revised firmware, version 1.98, released for the Advantech EKI-1322 Internet protocol (IP) gateway which can connect serial and Ethernet devices to a cellular network.

 

The firmware contains an open-source SSH server called Dropbear that has been heavily modified. As a result of these modifications, it no longer enforces authentication, allowing any user to connect to it with any public key and password, the Rapid7 researchers said in an advisory.

In addition, there might be another backdoor account built in with a hard-coded password, separate from the previously found and removed SSH key, the researchers said.

The new issue was fixed in version 2.00 of the firmware for EKI-1322, released on Dec. 30. Users are advised to update to this version as soon as possible.

Even though only the EKI-1322 firmware was tested, the Rapid7 researchers believe that the same authentication bypass flaw might exist in all other Advantech EKI serial-to-IP gateways.

Advantech advertises such products as a simple way to bring remote management and data accessibility to thousands of industrial devices that cannot natively connect to TCP/IP networks.

However, vulnerabilities like this one highlight the risks of connecting such sensitive equipment to the Internet and the importance of strong network segmentation policies in industrial environments.

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Slideshows

Top 50 defining moments of the New Zealand channel in 2016

Top 50 defining moments of the New Zealand channel in 2016

Reseller News looks back on a tumultuous 12 months for the New Zealand channel, assessing the fallout from a year of sizeable industry change. Whether it be local or global mergers and acquisitions, distribution deals or job changes, the channel that started the year differs somewhat to the one set to finish it - Reseller News assesses the key moments that made 2016.​

Top 50 defining moments of the New Zealand channel in 2016
​Hewlett Packard Enterprise honours high achieving NZ channel

​Hewlett Packard Enterprise honours high achieving NZ channel

Hewlett Packard Enterprise honoured its top performing Kiwi partners at the second running of its HPE Partner Awards in New Zealand, held at a glitzy ceremony in Auckland. Recognising excellence across eight categories - from distributors to resellers - the tech giant celebrated its first year as a standalone company, following its official split from HP in 2015.

​Hewlett Packard Enterprise honours high achieving NZ channel
Nutanix treats channel partners to Christmas cruise

Nutanix treats channel partners to Christmas cruise

Nutanix recently took to the seas for a Christmas Cruise around Sydney Harbour with its Australia and New Zealand staff, customers and partners to celebrate a stellar year for the vendor. With the sun out, they were all smiles and mingled over drinks and food.

Nutanix treats channel partners to Christmas cruise
Show Comments