GarrettCom industrial switches open to attack
Network switches from GarrettCom, which are built for industrial and infrastructure applications, are vulnerable to attack because they use a hard-coded password on a default account. To exploit the flaw, however, an attacker must already have access to a login account on the device. The warning came in an ICS-CERT security advisory which identified the software – GarrettCom MNS-6K Rel v4.1.14 and earlier and MNS-6K Rel v14.1.14 SECURE and earlier – as vulnerable. This software is found in a number of GarrettCom devices which not only handle networking but also do serial-to-IP conversion for SCADA systems.
An independent security researcher, Justin W. Clarke at Cylance, identified a privilege escalation vulnerability in the devices: the hard-coded password allows logged-in users to escalate their privileges to full administrative access. The problem is that a "factory" account, intended only for local connections, exists in the software, and a user logged in as "guest" or "operator" can acquire its privileges. GarrettCom fixed the problem on 18 May 2012, but did not document in the release notes that the updated software had fixed the flaw. The ICS-CERT advisory is the first public notification of the problem.
(djwm)