Advantech authentication forgets the authentication part
Industrial gateways also carry a debugging backdoor
Advantech's EKI series of Modbus-to-TCP/IP gateways have a critical authentication bug, according to HD Moore of Rapid7.
Back in December, Moore made a bunch of disclosures about the same product (including Shellshock and Heartbleed exposure).
His latest discovery is that the EKI's Dropbear SSH daemon isn't authenticating users.
“As of the 1.98 version of the firmware, the Dropbear daemon included had been heavily modified. As a result, it does not actually enforce authentication. During testing, any user is able to bypass authentication by using any public key and password”, Rapid7 writes.
Dropbear is designed for environments where memory is in short supply, making it popular in industrial control environments.
Advantech also wrote a debugging username/password combination (“remote_debug_please:remote_debug_please”) into the firmware and forgot to remove it.
Advantech has since patched the two bugs. ®