The Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) recently issued an advisory [PDF file] regarding a privilege escalation vulnerability in Garrettcom's Magnum MNS-6K Management Software. The vulnerability was first uncovered by security researcher Justin W. Clarke.
"Search results recently returned by the Shodan computer search engine showed nine of the vulnerable devices connected to the Internet using US-based IP addresses," writes Ars Technica's Dan Goodin. "If the default credentials haven't been changed, the undocumented factory account can allow people with guest accounts to gain unfettered control of the devices, said Clarke, who is a researcher with Cylance, a firm specializing in security of industrial systems."
"The Magnum MNS-6K Management Software uses an undocumented hard-coded password that could allow an attacker with access to an established device account to escalate privileges to the administrative or full-access level," the ICS-CERT advisory states. "While an attacker must use an established account on the device under attack, this vulnerability facilitates the circumvention of physical-connect safeguards and could allow complete administrative level access to the system, compromising system confidentiality, integrity, and availability."
"GarrettCom's switches are used in a variety of industries, including transportation, utilities and defense," writes Threatpost's Dennis Fisher. "The company issued a new version of the affected software in May, but didn't note that the fix for this vulnerability was included in it."