Tec4Data released new firmware to fix a missing-authentication-for-critical-function vulnerability in its SmartCooler, according to a report from NCCIC.

Successful exploitation of this vulnerability, discovered by Ankit Anubhav of NewSky Security, could cause the device to shut down.

All versions of SmartCooler, a cooling appliance, prior to firmware 180806 suffer from the remotely exploitable vulnerability.

The device responds to a remote, unauthenticated reboot command, which may be used to perform a denial-of-service attack.

CVE-2018-14796 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.5.

The product is used mainly in the commercial facilities sector and is deployed on a global basis.

No known public exploits specifically target this vulnerability. However, an attacker with a low skill level could leverage the vulnerability.

Austria-based Tec4Data released new firmware to address the vulnerability and has distributed the new firmware to affected devices.
