SCADA Vulnerabilities & Exposures (SVE)

CRITIFENCE® SCADA Vulnerabilities and Exposures Database (SVE)

[SVE-806484582] Sierra Wireless AirLink Raven XE and XT

Date: 2017-04-25
Type: Other
Platform: Sierra Wireless
Author: Independent researcher Karn Ganeshen identified and publicly released vulnerabilities in the Sierra Wireless AirLink Raven XE an
EDB-ID: N/A
CVE-ID: CVE-2017-6044, CVE-2017-6042, CVE-2017-6046
OSVDB-ID: N/A
Download App: N/A
SIS Signature: N/A

Source

#
# Sierra Wireless AirLink Raven XE and XT
#


### VULNERABLE VENDOR
Sierra Wireless


### VULNERABLE PRODUCT
AirLink Raven XE and XT



### RESEARCHER
Independent researcher Karn Ganeshen identified and publicly released vulnerabilities in the Sierra Wireless AirLink Raven XE and XT Gateways prior to coordinating with ICS-CERT; however, the researcher did initially coordinate the identified vulnerabilities with the vendor.



### AFFECTED PRODUCTS

The following Sierra Wireless gateways are affected:

AirLink Raven XE, all versions prior to 4.0.14, and
AirLink Raven XT, all versions prior to 4.0.11.



### IMPACT

Successful exploitation of these vulnerabilities may allow a remote attacker to perform unauthorized sensitive functions compromising the confidentiality, integrity, and availability of the affected system.



### VULNERABILITY OVERVIEW

IMPROPER AUTHORIZATION CWE-285
Several files and directories can be accessed without authentication, which may allow a remote attacker to perform sensitive functions including arbitrary file upload, file download, and device reboot.
CVE-2017-6044 has been assigned to this vulnerability.
A CVSS v3 base score of 10.0 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)


CROSS-SITE REQUEST FORGERY (CSRF) CWE-352
Affected devices do not verify if a request was intentionally sent by the logged-in user, which may allow an attacker to trick a client into making an unintentional request to the web server that will be treated as an authentic request.
CVE-2017-6042 has been assigned to this vulnerability.
A CVSS v3 base score of 8.8 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)


INSUFFICIENTLY PROTECTED CREDENTIALS CWE-522
Sensitive information is insufficiently protected during transmission and vulnerable to sniffing, which could lead to information disclosure.
CVE-2017-6046 has been assigned to this vulnerability.
A CVSS v3 base score of 4.3 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)





### BACKGROUND

Critical Infrastructure Sector(s): Critical Manufacturing, Energy
Countries/Areas Deployed: Worldwide
Company Headquarters Location: British Columbia, Canada




### MITIGATION

Sierra Wireless has released new firmware versions to address the forced browsing and cross-site request forgery vulnerabilities. Sierra Wireless reports that the insufficiently protected credentials vulnerability will not be addressed.

Sierra Wireless's Raven XE firmware Version 4.0.14 is available at the following location:

https://source.sierrawireless.com/resources/airlink/software_downloads/nucaleos/raven-xe-firmware-list/


Sierra Wireless's Raven XT firmware Version 4.0.11 is available at the following location:

https://source.sierrawireless.com/resources/airlink/software_downloads/nucaleos/raven-xt-firmware-list/


Sierra Wireless has released a Technical Bulletin, which is available at the following location:

https://source.sierrawireless.com/resources/airlink/software_reference_docs/raven-ics-alert-16-182-01/




For additional information about these vulnerabilities or the recommendations provided, please contact Sierra Wireless's security team at:

security@sierrawireless.com