-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Security Advisory ID: OSA-7
Release Date: 2023-11-22
Revision: 1.1
OMICRON Product Security Team | security@omicronenergy.com

3rd Party Vulnerabilities affecting StationGuard and StationScout

Summary
- ----------------------------------------------------------------------------

Vulnerability in OpenSSL error handling affects StationGuard and StationScout
Desktop Client versions 2.20 and 2.21
Due to CVE-2023-23919, there is a potential scenario where an attacker could
trigger a denial-of-service situation on the StationScout or StationGuard
Desktop client's start page (while the sensor itself continues to operate
without disruption). The attacker could achieve this by impersonating an
RBX/MBX/VBX device via OMFind, presenting a deliberately crafted GRPC server
certificate upon connection. Since the client establishes connections to all
devices on the start page, the denial of service would occur as soon as the
malicious device becomes visible on the neighboring network or if the user
manually connects to its IP address.

Vulnerability in Node.js allows HTTP Request Smuggling on device hosted web UI of 
StationGuard Image versions 2.20.0080 and 2.21.0081 and StationScout Image versions 
2.20.0063 and 2.21.0064 
Vulnerability CVE-2023-30589 allows a remote attacker to initiate a WebSocket
connection with the web server running on the RBX/MBX/VBX by employing carefully
crafted HTTP requests that enable them to bypass authentication within these
requests. As a result, a remote attacker can gain full access to the
StationGuard or StationScout web application without the requirement of a valid
password, while access to the underlying system remains restricted.

Denial of Service Vulnerabilities in Network Detection Engine of StationGuard
Image before version 2.30.0092
Certain components of the StationGuard detection engine could be vulnerable to
attacks using specially crafted network packets, potentially leading to a denial
of service (DoS) condition. In the aftermath of a DoS attack, StationGuard may
enter a state of recovery, during which users may continuously receive critical
alerts regarding an internal issue. 


Affected OMICRON Products
- ----------------------------------------------------------------------------

These 3rd party vulnerabilities affect the following OMICRON product(s):

> StationGuard Image 1.00.0048 on all platforms
> StationGuard Image 1.10.0056 on all platforms
> StationGuard Image 2.00.0068 on all platforms
> StationGuard Image 2.10.0073 on all platforms
> StationGuard Image 2.20.0080 on all platforms
> StationGuard Image 2.21.0081 on all platforms

> StationScout Image 1.00.0011 on all platforms
> StationScout Image 1.10.0017 on all platforms
> StationScout Image 1.15.0024 on all platforms
> StationScout Image 1.20.0056 on all platforms
> StationScout Image 1.30.0040 on all platforms
> StationScout Image 2.00.0056 on all platforms
> StationScout Image 2.10.0059 on all platforms
> StationScout Image 2.20.0063 on all platforms
> StationScout Image 2.21.0064 on all platforms

> StationGuard Configuration Software 2.20
> StationGuard Configuration Software 2.21

> StationScout Desktop Client 2.20 
> StationScout Desktop Client 2.21


Vulnerability Classification
- ----------------------------------------------------------------------------

> CVE-2023-23919
> CWE-391: Unchecked Error Condition
> Base: Score 7.5
> Risk Class: High
> Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

> CVE-2023-30589
> CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
> Base: Score 8.2
> Risk Class: High
> Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N/E:P/RL:O/RC:C


Security Advisory
- ----------------------------------------------------------------------------

Mitigation:

OMICRON has released new software versions of StationGuard and StationScout
which fix these vulnerabilities. Customers that are using the affected versions
are recommended to install the latest update that is available in the customer
portal (registration required).

More information about StationGuard and StationScout, including the link to
download them, can be found on
https://www.omicronenergy.com/en/products/stationguard/ and
https://www.omicronenergy.com/en/products/stationscout/


Acknowledgments
- ----------------------------------------------------------------------------

None
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEkPJvkWGGIuqv8Qag8BT0uMcuyBgFAmVd1w0ACgkQ8BT0uMcu
yBjTQQ/+MMfftdPIH5JOwyKGtTiS7uiCqQ8gtcyBFf88onYGmb6+lY/JNSAZHEsG
XVVga7I1eTyxv4Jqof+z9HMozYwmivwBnDiD0ZQQdGwUhY0j5UJGi7SFwxLLRu2+
Sux4FzNDt6khjRgRQgChAZYl35ErwgzuZ57NEueUwoVvyMcXEOz4CGYiNttN/qIY
SdXZnKEt0M539RXbb/IbeN9cdScXj2IyknrFO8zmPrfU6TbuRXigQl6Q450DeTY9
jpKkQzYzyuGUzAjRSePjsB1oCxia3BxLQWDyUiaEQyye6gRSDTavVCQzZ0X5HuS0
RKPLi5m4KWq+a60EvNIJ8ifNSfqA+tUyZxq+bYDwV+yiADQYOCek9LEd18MPI5DG
j5Lff2vvtG0E285nhNO3gltTW93vVlKoV2cvsU8zPfsVSAMaZ9UE6vw77zqDhZ4X
xgmaPdOIU0Dq6i2JbjRFDhJVghtZXLvvOvSphT2BfqABG+7ZDIwuw4+182JP1JJ2
xw+TONwrKR+NZ7UVHjOiLSRSkIXPj3YvR3wqFMCFnzufdkiZegxh/jiDOyv/sE39
CFCt+BceKMZTAVN+BM8Y1B4n/f081DhJVxxoPJZ5/C8k/llMxP8MxTZSkH42J+WO
D9/DACq+K3X1tEmRWyMr6RZSxgMz5dMvOE+YYBbcwDaZROw9KHU=
=61bQ
-----END PGP SIGNATURE-----