ICS-CERT Warns of Hard Coded Password in ORing Industrial Control Systems

Attackers can remotely log in to a control system used by electric utilities and oil and gas companies via a backdoor to gain administrative access, according to the Department of Homeland Security.


Products from Taiwan-based ORing Industrial Networking have hard-coded credentials within the operating system on their networking servers, the DHS Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) said in an alert released Wednesday. The vulnerability in ORing Industrial DIN-Rail Device Server 5042/5042+ systems was found by Reid Wightman, an independent researcher working with Digital Bond, according to the alert bulletin.

The vulnerability can be exploited remotely, and ICS-CERT said exploits targeting the system are known to be publicly available. Attackers can log in to the system with administrative privileges, which means they can read and write to files and change settings, according to the alert.

Affected products are industrial serial device servers used for supervisory control and data acquisition systems, ICS-CERT said. ORing Industrial Networking devices are deployed across several sectors, including manufacturing, oil and gas, transportation, and electric utilities, and are used in the United States, Europe, and Asia, according to the bulletin.

ICS-CERT released the alert because it has been “unable to successfully coordinate this vulnerability with ORing Industrial Networking because of the vendor’s unresponsiveness,” according to the bulletin.

The vulnerability, CVE-2012-4577, has been assigned a Common Vulnerability Scoring System base score of 10.0. All versions of Industrial DIN-Rail Device Server IDS 5042 and 5042+ are affected, and it is possible other ORing Industrial Networking products may also be affected. No official fix for the flaw appears to be available at this time.

Organizations using affected ORing Industrial Networking products can take some “defensive measures” to protect against attackers remotely logging in, ICS-CERT said. The first step is to minimize network exposure for all control system devices. “Critical devices should not directly face the Internet,” ICS-CERT warned in the bulletin.

System networks and remote devices should be kept behind firewalls and isolated from the business network, so that even if an attacker gets in, it is harder to reach the business network, where all the sensitive information is stored. Employees should also be reminded to use secure methods, such as Virtual Private Networks, to log in remotely.

Users should also be reminded to not click on Web links or open unsolicited attachments in email messages. Of course, there is absolutely no reason why anyone should be surfing the Web or emailing on a system connected to industrial control systems.

“Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents,” ICS-CERT wrote in the bulletin.
