Virtual Event Today: Supply Chain Security Summit - Join Event In-Progress

Security Experts:

Connect with us

Hi, what are you looking for?



Critical Vulnerabilities Found in Sealevel Device Used in ICS Environments

Cisco’s Talos security researchers have published details on a series of critical vulnerabilities that Sealevel has addressed in the SeaConnect 370W WiFi-connected edge device.

Cisco’s Talos security researchers have published details on a series of critical vulnerabilities that Sealevel has addressed in the SeaConnect 370W WiFi-connected edge device.

The internet of things (IoT) device is used in industrial control system (ICS) environments for the monitoring of real-world I/O processes. The identified bugs could be exploited to execute arbitrary code on a vulnerable device, or to perform man-in-the-middle attacks.

The most severe of the newly disclosed bugs are three buffer overflow issues rated “critical severity,” which could be exploited to achieve remote code execution on vulnerable devices.

With a CVSS score of 10, two of the flaws were identified in the LLMNR and NBNS name resolution services that SeaConnect 370W exposes. The bugs are tracked as CVE-2021-21960 and CVE-2021-21961.

“The vulnerability occurs when attempting to copy the queried name to a local buffer of fixed size (identified above as name_buffer). The implementation does not conduct any bounds checking prior to copying the data, simply trusting the supplied length field will be accurate and no larger than 32 bytes,” Talos explains.

[READ: Serious Vulnerabilities Found in Wi-Fi Module for Critical Industrial Applications]

Thus, an attacker can supply a significantly large length value to trigger a stack-based buffer overflow, which would provide them with control of the program counter, Talos says. The attacker can trigger the issue using crafted network packets, achieving remote code execution.

Featuring a CVSS score of 9.0 and tracked as CVE-2021-21962, the third critical bug is a heap-based buffer overflow identified in the OTA Update “u-download” functionality of SeaConnect 370W. An attacker can use specially-crafted MQTT payloads to exploit the flaw and achieve remote code execution.

Talos also discovered that the SeaConnect device is impacted by a high-severity vulnerability (CVE-2021-21959) that exists because of a misconfiguration in the MQTTS functionality, and which could be exploited to perform man-in-the-middle attacks and control the device’s functionality.

An attacker able to mount a man-in-the-middle attack against the device could then exploit a series of other vulnerabilities to perform malicious actions, such as file overwrites.

Talos also disclosed information on CVE-2021-21967 (CVSS score of 6.5), another vulnerability that can be exploited to carry out man-in-the-middle attacks, as well as CVE-2021-21964 and CVE-2021-21965 (CVSS score of 8.6), which could be exploited to cause a denial of service (DoS) condition.

Cisco’s security researchers note that they have worked with Sealevel to ensure that all of the identified vulnerabilities are correctly resolved. Patches were released in late January.

Related: Vulnerabilities Can Allow Hackers to Tamper With Walk-Through Metal Detectors

Related: CODESYS Patches Dozen Vulnerabilities in Industrial Automation Products

Related: Cisco Discloses Details of Critical Advantech Router Tool Vulnerabilities

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.


Apple has released updates for macOS, iOS and Safari and they all include a WebKit patch for a zero-day vulnerability tracked as CVE-2023-23529.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...