SCADA Vulnerabilities & Exposures (SVE)

CRITIFENCE® SCADA Vulnerabilities and Exposures Database (SVE)

[SVE-189360124] Sixnet BT Series Hard-coded Credentials Vulnerability

Date Type Platform Author EDB-ID CVE-ID OSVDB-ID Download App SIS Signature
2016-05-26OTHERSixnet BTNeil SmithN/A2016-4521N/AN/AN/A

Source

						
							
								
#
# Sixnet BT Series Hard-coded Credentials Vulnerability
#


### OVERVIEW

Independent researcher Neil Smith has identified a hard-coded credential vulnerability in Sixnet's BT series routers. Sixnet has produced patches and new firmware to mitigate this vulnerability.

This vulnerability could be exploited remotely. Exploits that target this vulnerability are known to be publicly available.




### AFFECTED PRODUCTS

Sixnet reports that the vulnerability affects the following products:

Sixnet BT-5xxx and BT-6xxx series M2M cellular routers versions prior to 3.8.21.






### IMPACT

An attacker could exploit the hard-coded factory password to gain full access to the affected device.

Impact to individual organizations depends on many factors that are unique to each organization. NCCIC/ICS-CERT recommends that organizations evaluate the impact of this vulnerability based on their operational environment, architecture, and product implementation.






### BACKGROUND

Sixnet is a US-based company owned by Red Lion Controls.

The affected products, Sixnet BT series routers, are used for providing high-speed, secure wireless connectivity to critical assets and devices at remote sites. According to Sixnet, the BT series routers are deployed across several sectors including Commercial Facilities, Energy, Financial Services, and Transportation Systems. Sixnet estimates that these products are used primarily in North America, Europe, and Asia.





### VULNERABILITY CHARACTERIZATION


# VULNERABILITY OVERVIEW

USE OF HARD-CODED CREDENTIALS

There are hard-coded factory accounts on these devices.
CVE-2016-4521 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).






### VULNERABILITY DETAILS


# EXPLOITABILITY

This vulnerability could be exploited remotely.


# EXISTENCE OF EXPLOIT

Exploits that target this vulnerability are publicly available.


# DIFFICULTY

An attacker with a low skill would be able to exploit this vulnerability.





### MITIGATION

Sixnet has produced patches and new firmware (versions 3.8.21 or 3.9.8) to address this issue. Users are recommended to install the latest version. Firmware and release notes can be found on Sixnet's software and firmware page at the following location:

http://www.redlion.net/resources/software/sixnet-software/industrial-wireless-software-firmware