Menu
Advantech industrial serial-to-Internet gateways wide open to unauthorized access

Advantech industrial serial-to-Internet gateways wide open to unauthorized access

The firmware contains a heavily modified SSH server that accepts any password or authentication key, researchers found

Internet-connected industrial devices could be accessible to anyone, with no password, thanks to a coding error by a gateway manufacturer.

Taiwanese firm Advantech patched the firmware in some of its serial-to-IP gateway devices in October to remove a hard-coded SSH (Secure Shell) key that would have allowed unauthorized access by remote attackers.

But it overlooked an even bigger problem: Any password will unlock the gateways, which are used to connect legacy serial devices to TCP/IP and cellular networks in industrial environments around the world.

Researchers from security firm Rapid7 discovered the vulnerability in the revised firmware, version 1.98, released for the Advantech EKI-1322 Internet protocol (IP) gateway which can connect serial and Ethernet devices to a cellular network.

 

The firmware contains an open-source SSH server called Dropbear that has been heavily modified. As a result of these modifications, it no longer enforces authentication, allowing any user to connect to it with any public key and password, the Rapid7 researchers said in an advisory.

In addition, there might be another backdoor account built in with a hard-coded password, separate from the previously found and removed SSH key, the researchers said.

The new issue was fixed in version 2.00 of the firmware for EKI-1322, released on Dec. 30. Users are advised to update to this version as soon as possible.

Even though only the EKI-1322 firmware was tested, the Rapid7 researchers believe that the same authentication bypass flaw might exist in all other Advantech EKI serial-to-IP gateways.

Advantech advertises such products as a simple way to bring remote management and data accessibility to thousands of industrial devices that cannot natively connect to TCP/IP networks.

However, vulnerabilities like this one highlight the risks of connecting such sensitive equipment to the Internet and the importance of strong network segmentation policies in industrial environments.


Follow Us

Join the newsletter!

Error: Please check your email address.

Featured

Slideshows

Kiwi channel closes 2017 with After Hours

Kiwi channel closes 2017 with After Hours

The channel in New Zealand came together to celebrate the close of 2017, as the final After Hours played out in front of a bumper Auckland crowd.

Kiwi channel closes 2017 with After Hours
Meet the top performing HP partners in NZ

Meet the top performing HP partners in NZ

HP honoured leading partners across the channel at the Partner Awards 2017 in New Zealand, recognising excellence across the entire print and personal systems portfolio.

Meet the top performing HP partners in NZ
Tech industry comes together as Lexel celebrates turning 30

Tech industry comes together as Lexel celebrates turning 30

Leading figures within the technology industry across New Zealand came together to celebrate 30 years of success for Lexel Systems, at a milestone birthday occasion at St Matthews in the City.​

Tech industry comes together as Lexel celebrates turning 30
Show Comments