Honeywell created firmware versions to mitigate two vulnerabilities in its Midas gas detector, according to a report on ICS-CERT.
Independent researcher Maxim Rupp discovered the remotely exploitable vulnerabilities.
The following Midas versions are affected:
• Midas, Version 1.13b1 and prior versions
• Midas Black, Version 2.13b1 and prior versions
Successful exploitation of these vulnerabilities could allow a remote attacker to gain unauthenticated access to the device, potentially allowing configuration changes, as well as the initiation of calibration or test processes.
The affected products, Midas and Midas Black gas detectors, test air for specific toxic, flammable, and ambient gases.
Midas gas detectors are deployed across several sectors, including chemical, commercial facilities, critical manufacturing, energy, food and agriculture, and water and wastewater systems. Honeywell said these products are used worldwide.
In one of the vulnerabilities, the web server interface could allow an attacker to bypass the authentication process, potentially allowing unauthorized configuration changes to the device, as well as the initiation of calibration or test processes.
CVE-2015-7907 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 8.6.
In the other vulnerability, the user’s password is not encrypted during transmission.
CVE-2015-7908 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 9.4.
No known public exploits specifically target these vulnerabilities. However, an attacker with low skill would be able to exploit these vulnerabilities.
Honeywell released new firmware versions of the Midas and Midas Black gas detectors, which address the identified vulnerabilities. The new firmware versions are Version 1.13b3 for the Midas gas detector and Version 2.13b3 for the Midas Black gas detector.
Honeywell recommends users install the new versions on all affected products. Until a new version can be installed, Honeywell suggested users with affected products take the following steps to protect themselves:
• Allow only trained and trusted persons to have physical access to the system, including devices connected to the system through the Ethernet port
• Isolate the system from the Internet, or create additional layers of defense by placing the affected hardware behind a firewall or into a DMZ
• If remote connections to the device are required, consider using a Virtual Private Network (VPN) or other means to ensure secure remote connections into the network
Details are in Honeywell’s Security Notification, SN 2015-10-14 01.
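To act on the version lists above, an asset inventory can be triaged against the affected and fixed firmware versions. The following is an added example, not code from Honeywell or ICS-CERT; it assumes version strings have the form major.minor followed by "b" and a build number and sort numerically, and the asset names and inventory rows are constructed. Builds that fall between the last affected version and the fixed version are flagged for review, because the advisory text does not state their status.

```python
import re

# Thresholds taken from the advisory text above.
# "last_affected": newest version the article lists as vulnerable.
# "fixed": version the article names as containing the fix.
ADVISORY = {
    "Midas":       {"last_affected": "1.13b1", "fixed": "1.13b3"},
    "Midas Black": {"last_affected": "2.13b1", "fixed": "2.13b3"},
}

# Assumption: versions look like <major>.<minor>b<build> and order numerically.
_VERSION_RE = re.compile(r"^\s*[Vv]?(\d+)\.(\d+)b(\d+)\s*$")

def parse_version(text):
    """Return (major, minor, build), or None if the string is not recognised."""
    m = _VERSION_RE.match(text)
    return tuple(int(g) for g in m.groups()) if m else None

def classify(product, version):
    """Classify one device as AFFECTED, FIXED or REVIEW."""
    entry = ADVISORY.get(product.strip())
    parsed = parse_version(version)
    if entry is None or parsed is None:
        return "REVIEW"  # unknown product or unparseable version string
    if parsed <= parse_version(entry["last_affected"]):
        return "AFFECTED"
    if parsed >= parse_version(entry["fixed"]):
        return "FIXED"  # assumption: releases after the fix keep the fix
    # Between the two thresholds (e.g. a b2 build): the article does not say.
    return "REVIEW"

def triage(inventory):
    """Map each (asset, product, version) row to its classification."""
    return {asset: classify(product, version) for asset, product, version in inventory}

# Constructed sample inventory (asset names and versions are made up).
SAMPLE_INVENTORY = [
    ("gd-01", "Midas", "1.13b1"),
    ("gd-02", "Midas", "1.12b4"),
    ("gd-03", "Midas", "1.13b3"),
    ("gd-04", "Midas Black", "2.13b2"),
    ("gd-05", "Midas Black", "2.14b1"),
    ("gd-06", "Midas Black", "unknown"),
]

if __name__ == "__main__":
    for asset, status in triage(SAMPLE_INVENTORY).items():
        print(f"{asset}: {status}")
```

Devices reported as AFFECTED or REVIEW are the ones to keep behind the interim mitigations listed above until their firmware is confirmed updated.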