Mirion Technologies is working on a fix to mitigate use of hard-coded cryptographic key and inadequate encryption strength vulnerabilities in its telemetry enabled devices, according to a report with ICS-CERT.
Successful exploitation of these vulnerabilities, discovered by Ruben Santamarta of IOActive, could allow an attacker to transmit fraudulent data or perform a denial of service.
The following telemetry enabled devices suffer from the vulnerabilities:
• DMC 3000 Transmitter Module
• iPam Transmitter f/DMC 2000
• RDS-31 iTX and variants (incl. RSD31-AM Package)
• DRM-1/2 and variants (incl. Solar PWR Package)
• DRM and RDS Based Boundary Monitors
• External Transmitters
• Telepole II
• MESH Repeater
No known public exploits specifically target these vulnerabilities. In addition, these vulnerabilities are not remotely exploitable. An attacker would need a high skill level to exploit the vulnerabilities.
In one vulnerability, an unchangeable, factory-set key is included in the 900 MHz transmitter firmware.
CVE-2017-9649 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 5.0.
In addition, decryption of data is possible at the hardware level.
CVE-2017-9645 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 5.0.
The products see uses in nuclear reactors, materials, and waste sectors. They mainly see action in the United States and Europe.
San Ramon, California-based Mirion Technologies recommends users of 900 MHz devices compare data received with expected results and past results. Inconsistencies could indicate the presence of an interfering device.
Users of 2.4 GHz devices should contact Mirion Technologies for instructions to configure a unique encryption key where needed.
Mirion Technologies is continuing their investigation of this matter and expects to provide users with additional news and solutions in the next three months.