There are two vulnerabilities in the JanTek JTC-200 the company will not be mitigating because they are developing a new JTC-300 model instead, according to a report with ICS-CERT.
The remotely exploitable vulnerabilities, discovered by Karn Ganeshan, are a cross-site request forgery and an improper authentication.
A TCP/IP converter, all versions of JTC-200 suffer from the issues.
Successful exploitation of these vulnerabilities could allow for remote code execution on the device with elevated privileges.
Public exploits are available. An attacker with low skill level could leverage the vulnerabilities.
In the cross-site request forgery vulnerability, an attacker could perform actions with the same permissions as a victim user, provided the victim has an active session and is induced to trigger the malicious request.
CVE-2017-5789 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 8.0.
The improper authentication could provide undocumented Busybox Linux shell accessible over Telnet service without any authentication.
CVE-2017-5791 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 9.8.
The product mainly sees use in the critical manufacturing sector. It also sees action in Europe and Asia.
Taiwan-based JanTek said it will not be developing mitigations for the vulnerabilities affecting JTC-200 as it will release a JTC-300 model scheduled to come out near the end of 2017.