SCADA Vulnerabilities & Exposures (SVE)

CRITIFENCE® SCADA Vulnerabilities and Exposures Database (SVE)

[SVE-556028727] LAVA Computer MFG Inc. Ether-Serial Link

| Date | Type | Platform | Author | EDB-ID | CVE-ID | OSVDB-ID | Download App | SIS Signature |
|---|---|---|---|---|---|---|---|---|
| 2017-10-10 | Other | LAVA Computer MFG Inc. | Maxim Rupp reported this vulnerability to ICS-CERT. | N/A | CVE-2017-1400 | N/A | N/A | N/A |

Source

#
# LAVA Computer MFG Inc. Ether-Serial Link
#


### VULNERABLE VENDOR
LAVA Computer MFG Inc.


### VULNERABLE PRODUCT
Ether-Serial Link



### RESEARCHER
Maxim Rupp reported this vulnerability to ICS-CERT. 



### AFFECTED PRODUCTS

The following versions of LAVA Computer MFG Inc.'s Ether-Serial Links (ESL) are affected:

All ESLs running firmware versions 6.01.00/29.03.2007 and prior versions.



### IMPACT

Successful exploitation of this vulnerability could allow an attacker to spoof the IP address of an authenticated user, assume the authenticated user's identity, and gain privileges or access to the system.



### VULNERABILITY OVERVIEW

AUTHENTICATION BYPASS BY SPOOFING CWE-290
An improper authentication vulnerability has been identified which, if exploited, would allow an attacker using the same IP address as an authenticated user to bypass authentication by accessing a specific uniform resource locator (URL).
CVE-2017-14003 has been assigned to this vulnerability.
A CVSS v3 base score of 8.1 has been assigned; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).





### BACKGROUND

Critical Infrastructure Sectors: Commercial Facilities, Critical Manufacturing
Countries/Areas Deployed: Worldwide
Company Headquarters Location: Ontario, Canada




### MITIGATION

LAVA Computer MFG Inc. has not responded to requests to work with