1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Advantech industrial serial-to-Internet gateways wide open to unauthorized access

Discussion in 'Network World' started by RSS, Jan 18, 2016.

  1. RSS

    RSS New Member Member

    Internet-connected industrial devices could be accessible to anyone, with no password, thanks to a coding error by a gateway manufacturer.

    Taiwanese firm Advantech patched the firmware in some of its serial-to-IP gateway devices in October to remove a hard-coded SSH (Secure Shell) key that would have allowed unauthorized access by remote attackers.

    But it overlooked an even bigger problem: Any password will unlock the gateways, which are used to connect legacy serial devices to TCP/IP and cellular networks in industrial environments around the world.

    Researchers from security firm Rapid7 discovered the vulnerability in the revised firmware, version 1.98, released for the Advantech EKI-1322 Internet protocol (IP) gateway which can connect serial and Ethernet devices to a cellular network.

    To read this article in full or to leave a comment, please click here

    Continue reading...

Share This Page