Adcon Telemetry created new firmware to mitigate a cross-site scripting vulnerability in its A850 Telemetry Gateway Base Station, according to a report from ICS-CERT.
This vulnerability, discovered by independent researcher Aditya K. Sood, is remotely exploitable.
All versions of the A850 Telemetry Gateway Base Station suffer from the issue.
Adcon Telemetry is an Austria-based company that maintains offices in several countries around the world, including the U.S., Germany, and Austria.
The affected product, A850 Telemetry Gateway Base Station, is a wireless telemetry system. A850 Telemetry Gateway Base Stations see action across several sectors including commercial facilities, critical manufacturing, and water and wastewater systems. Adcon Telemetry said this product sees use primarily in the United States and Europe.
The web interface does not neutralize, or incorrectly neutralizes, user-controllable input before placing it in its output, which could allow for cross-site scripting.
CVE-2016-2274 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 9.8.
No known public exploits specifically target this vulnerability. However, an attacker with low skill would be able to exploit this vulnerability.
Adcon Telemetry has produced a new firmware version to mitigate this vulnerability. Adcon recommends users contact its distributor for information on how to obtain the new firmware version.