
Several Security Bugs Found in GarrettCom Magnum Industrial Switches

Researchers have identified several vulnerabilities in Magnum 6K and Magnum 10K managed ethernet switches produced by Belden GarrettCom. The vendor has released firmware updates to address the security holes.


GarrettCom Magnum is a line of managed switches designed for harsh industrial environments. The devices are deployed in the United States in critical infrastructure sectors such as defense industrial base, critical manufacturing, water, energy, and transportation.

According to an advisory published by ICS-CERT, Qualys vulnerability research engineer Ashish Kamble and researcher Eireann Leverett have identified multiple issues affecting Magnum 6K and 10K products running firmware versions prior to 4.5.6. An advisory published by GarrettCom reveals that the vulnerabilities impact the Magnum 10KT, 10KG, 6K32, 6K25, 6K16, 6K8, 6KL, 6KM and 6KQ product lines.

Experts found that the firmware installed on vulnerable switches contains a hardcoded password linked to a privileged account used for maintenance and support (CVE-2015-3959).

Kamble says an attacker can use the password to access the switch and execute arbitrary commands or shut down the device. The researcher says he has identified 17 Magnum switches connected to the Internet using the Shodan search engine; these devices are still running vulnerable versions of the firmware.

GarrettCom noted that the account for the privileged user is not actually enabled in the operating switch, but agrees that the presence of the password in the firmware is “inappropriate.”

Researchers discovered that the firmware also contains hardcoded RSA private keys and certificate files (CVE-2015-3960).

“An attacker having access to these certificates and keys could not only decrypt the HTTPS secure traffic but also log in via SSH without a username/password to any device running the same version of the firmware,” Kamble said in a blog post.

The device’s web server is plagued by denial-of-service (DoS) and cross-site scripting (XSS) vulnerabilities.

The DoS flaw (CVE-2015-3961) can be exploited by issuing a certain form of URL against the web server, which triggers memory corruption and can cause the switch to reboot. The XSS vulnerabilities (CVE-2015-3942) exist due to improper sanitization of user input; an unauthenticated attacker can leverage the flaws to execute arbitrary code.

GarrettCom has addressed the security holes with the release of version 4.5.6 of the firmware. The company advises customers to update their installations as soon as possible.


Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
