Connect with us

Hi, what are you looking for?



Critical Flaws Allow Hackers to Take Control of Kunbus Industrial Gateway

Several serious vulnerabilities have been identified in a gateway made by Kunbus, including flaws that can be exploited to take complete control of a device.

Several serious vulnerabilities have been identified in a gateway made by Kunbus, including flaws that can be exploited to take complete control of a device.

Germany-based Kunbus offers connectivity solutions for industrial networks. The company’s gateway products, which are used by various types of organizations around the world, are designed to provide continuous and reliable communications between different networks and systems.

Vulnerabilities in Kunbus gatewayNicolas Merle, a researcher with industrial cybersecurity firm Applied Risk, discovered that Kunbus’ PR100088 Modbus gateway is affected by a total of five flaws. The issues impact devices running version 1.0.10232 of the software – and likely earlier versions as well – and most of them have been resolved by the vendor with the release of version 1.1.13166 (Security Update R02).

Of the five vulnerabilities, Applied Risk has classified two as “critical” and two as “high severity.”

One of the critical flaws is related to the fact that the gateway’s web application fails to verify that the user is logged in when the password is changed. If an administrator accesses the web interface at some point and the device has not been restarted, an unauthenticated attacker can go to the password changing page and set their own password, even if the legitimate admin is no longer logged in.

The flaw, tracked as CVE-2019-6527, allows malicious actors to take complete control of the device and lock legitimate admins out, Applied Risk says.

Learn More About ICS Flaws at SecurityWeek’s 2019 ICS Cyber Security Conference

Another critical vulnerability, identified as CVE-2019-6533, can be exploited to read and modify the registers used to store Modbus values. This can be done without authentication and it can allow an attacker to cause a denial-of-service (DoS) condition by rebooting the device.

Advertisement. Scroll to continue reading.

Merle also discovered that when a user authenticates, an HTTP GET request containing their password in clear text is sent to the device. This enables an attacker who can intercept traffic to easily obtain the password.

The researcher also found that an attacker can launch a DoS attack against a device by sending a long request (with a length greater than 256 characters) to the FTP service.

Also related to FTP, the service can be used to retrieve user credentials stored on the device in clear text in an XML file.

The software update released by Kunbus should patch all of these vulnerabilities, except for the last issue, which the vendor expects to fix with Security Update R03 in late February.

In addition to releasing patches, Kunbus recommends that users ensure the devices are used in protected industrial networks, as intended, rather than on public networks.

Advisories describing these vulnerabilities have been published by Applied Risk, ICS-CERT and Kunbus.

Related: Power Grid Protection Firm SEL Patches Severe Software Flaws

Related: Serious Flaws Found in ABB Safety PLC Gateways

Related: Internet Exposure, Flaws Put Industrial Safety Controllers at Risk of Attacks

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...


The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.


Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.


A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...