Adcon Telemetry created new firmware to mitigate a cross-site scripting vulnerability in its A850 Telemetry Gateway Base Station, according to a report with ICS-CERT.

This vulnerability, discovered by independent researcher Aditya K. Sood, is remotely exploitable.

All versions of the A850 Telemetry Gateway Base Station suffer from the issue.

Successful exploitation of this vulnerability could allow the injection of arbitrary JavaScript that may affect the integrity of the system.

Adcon Telemetry is an Austria-based company that maintains offices in several countries around the world, including the U.S., Germany, and Austria.

The affected product, A850 Telemetry Gateway Base Station, is a wireless telemetry system. A850 Telemetry Gateway Base Stations see action across several sectors including commercial facilities, critical manufacturing, and water and wastewater systems. Adcon Telemetry said this product sees use primarily in the United States and Europe.

The web interface does not neutralize, or incorrectly neutralizes, user-controllable input before it is placed in the output, which could allow for cross-site scripting.

CVE-2016-2274 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 9.8.

No known public exploits specifically target this vulnerability. However, an attacker with low skill would be able to exploit it.

Adcon Telemetry has produced a new firmware version to mitigate this vulnerability. Adcon recommends users contact its distributor for information on how to obtain the new firmware version.
