Korenix has mitigated undocumented hard-coded root credentials in the firmware of its JetPort 5600 system application, according to a report on ICS-CERT.
The remotely exploitable vulnerability, disclosed by Digital Bond’s Reid Wightman without coordination with ICS-CERT, the vendor, or any other coordinating entity, would allow an attacker to use the hard-coded credentials to log into the device with administrative privileges and gain access to the attached serial devices.
The Korenix JetPort is an industrial serial device server used to control multiple serial devices over Ethernet. Korenix produced an upgraded firmware version that removes the accounts. This product sees use worldwide, primarily in the communications and information technology sectors. Exploits that target this vulnerability are publicly available. All versions of the JetPort 5600 series suffer from the issue.
Once an attacker gains access, it would be possible to read and write to the file system and reconfigure the device. Attackers may also have access to other serial devices attached to this product.
Taiwan-based Korenix, acquired by Beijer Electronics in 2010, has offices in several countries around the world, including the U.S., China, and Spain.
The JetPort 5600 series is a 4-port redundant serial device server that provides users with four serial interfaces. The device can control up to four serial devices over Ethernet. Users can configure the device over HTTPS/SSH or by using the Korenix JetPort Commander software.
The affected products are industrial serial device servers used for SCADA systems. According to Korenix, they are deployed in several sectors, including communications (50%) and information technology (50%).
An attacker can log into the device using the hard-coded credentials that grant administrative access. Administrative credentials allow users to change device settings and read and write to the file system. This could result in a loss of confidentiality, integrity, or availability. CVE-2012-4577 is the number assigned to this vulnerability, which has a CVSS v2 base score of 10.0.
Korenix developed an upgraded version of firmware (v2.01) for the affected products. The upgraded firmware removes the root and guest accounts. Developers also removed the current version of OpenSSL (v0.9.8b). Once upgraded to v2.01, the firmware cannot be downgraded to v1.X.2. The Windows-based JetPort configuration tool, JetPort Commander, was also upgraded to v3.0. Users can download the firmware upgrade from the Korenix software update Web site.