Summary: A security advisory from CERT@VDE has disclosed multiple critical vulnerabilities in the mbNET.mini industrial router, which could allow remote code execution and unauthorized access to industrial systems. Users are advised to update to the latest firmware version to mitigate these risks.
Threat Actor: Unauthenticated attackers | unauthenticated attackers
Victim: MB connect line | MB connect line
Key Point :
- Critical vulnerabilities allow unauthenticated attackers to execute arbitrary OS commands remotely (CVE-2024-45274).
- Hardcoded user accounts with default passwords enable easy device compromise (CVE-2024-45275).
- Local attackers can escalate privileges through malicious configuration files (CVE-2024-45271).
- Weak encryption allows decryption of sensitive configuration files (CVE-2024-45273).
- Unauthorized read access to files in the “/tmp” directory can leak sensitive data (CVE-2024-45276).
- Firmware version 2.3.1 addresses these vulnerabilities; users are urged to update immediately.
A security advisory issued by CERT@VDE has revealed multiple critical vulnerabilities in the mbNET.mini industrial router, a widely used device designed for secure remote access to industrial machines and systems. The router, produced by MB connect line, is essential for managing devices remotely, but these new vulnerabilities have exposed significant risks, allowing for remote code execution (RCE) and unauthorized access.
Vulnerabilities Unveiled:
- CVE-2024-45274 (CVSS 9.8): This critical vulnerability allows unauthenticated attackers to execute arbitrary OS commands remotely via UDP, effectively granting them full control over the device.
- CVE-2024-45275 (CVSS 9.8): Adding to the severity, the mbNET.mini contains hardcoded user accounts with default passwords, providing attackers with an easy avenue to compromise the device.
- CVE-2024-45271 (CVSS 8.4): Even local attackers can exploit the device. This vulnerability enables unauthorized privilege escalation through the deployment of a malicious configuration file.
- CVE-2024-45273 (CVSS 8.4): Weak encryption implementation allows attackers to decrypt the device’s configuration files, potentially exposing sensitive information and facilitating further attacks.
- CVE-2024-45276 (CVSS 7.5): Attackers can gain unauthorized read access to files stored in the “/tmp” directory, potentially leaking sensitive data.
Impact and Remediation:
The implications of these vulnerabilities are significant. Successful exploitation could lead to:
- Complete system takeover: Attackers could gain full control of the mbNET.mini and any connected industrial equipment.
- Data breaches: Sensitive operational data and configuration files could be stolen or manipulated.
- Disruption of operations: Attackers could disrupt industrial processes, leading to downtime and financial losses.
MB connect line has addressed these vulnerabilities in version 2.3.1 of the mbNET.mini firmware. Users are strongly urged to update their devices immediately to mitigate the risk of exploitation.