-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 3rd Party Vulnerabilities affecting StationGuard image < 2.00 - ------------------------------------------------------------------------ Security Advisory ID: OSA-3 Release Date: 2023-11-22 Revision: 1.1 OMICRON Product Security Team | security@omicronenergy.com Summary - ------------------------------------------------------------------------ StationGuard device image version 1.10.0056 and earlier are affected by vulnerabilities in the 3rd party component tar (CVE-2021-37701, CVE-2021-37712). An attacker could load a specially crafted backup file in StationGuard, which could cause files to be overwritten on the device. This could render the device inaccessible, which requires a pinhole factory reset to recover. The attack requires network access on port 20499/TCP, authenticated access (credentials) to the device and comprehensive knowledge about the API and the directory structure on the device. Alternatively, the attacker could compromise a backup file that is afterward loaded by an authorized user. Affected OMICRON Products - ------------------------------------------------------------------------ > StationGuard Image 1.00.0048 on all platforms > StationGuard Image 1.10.0056 on all platforms Vulnerability Classification - ------------------------------------------------------------------------ > CVE-2021-37701 > CWE-787: Out-of-bounds Write > Base Score: 7.5 > Risk Class: HIGH > Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H > CVE-2021-37712 > CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') > Base Score: 8.6 > Risk Class: HIGH > Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H Security Advisory - ------------------------------------------------------------------------ Mitigation: OMICRON has released new software versions of StationGuard: device image 2.00.0068 and Configuration Software 2.0.69.0. Customers that are using the affected versions are recommended to install the latest update that is available in the customer portal (registration required) More information about StationGuard, including the link to the customer portal, can be found on https://www.omicronenergy.com/en/products/stationguard/ Workaround: Only accept StationGuard backup files from trusted sources. Always use the latest version of StationGuard. Furthermore, it is recommended to protect the TCP port 20499 against unauthorized access via firewall rules and/or VPN solutions. Acknowledgments - ------------------------------------------------------------------------ None. -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEkPJvkWGGIuqv8Qag8BT0uMcuyBgFAmVdk+kACgkQ8BT0uMcu yBjWbA/8CI4UdU/yFo66hD6Q3lmq2cQe0F4CKnwYu+dy+gxx6jubh2pj0YXaoo1C Bcf8TFJsG+H/ITdl4sfyGA1h82OTPnsh8P4DZuGtXmqCAy1Rc6LqQKZ+EDNH8w/9 PsIis7WxERpjp5x6k3nQUukvMUiKKA6ZwWVzc5xelszV1Af/Sygbh9B36bIPAHaL u0ouaRoM5NEekEKIEwTwvihljUwhS32U0Mu0dcwGg5chaFUT++In+sD+IW7FtSO1 M/WZuVm15TwNfXorpZwDqdSMBBioYzelWYCtra57ATrlhkWhJ+cfMu0IgAgTKlYs lXODQdTVEfgLorWwaADMIw0XauOMatSjQ7d6UWTUni9jXh2/Ojn0aXED5g6HIT4z jdHAaqTzgje6yueTKiOBLxRll8FfOUklWssM0+Hk3sQaDR4pLSGypWReRDXfPIys LFGffb6b7OLnas5h/02Rc8Dg+oiNFA6G5C/f/sDLspwhf+jImdMEslAkn7M4wb87 CE+r0OmjQiPh/Phhtf5c67JAIJH1M0dUDx80dQs8Ik8oZ2CefybWwMeEGw7Oobsu +90Uzf25XrF9w2MHNW+Wi0dORKHV0pniv/DxuDN2xdKHKI3Z66Dx+Zs6J68Pnw33 gGQ2iecHV3L++q/YN7k7qN9cZqLHAQg2O0WSUuxe6G0vVYBcu6Y= =VPRH -----END PGP SIGNATURE-----