This article is more than 1 year old
Sierra Wireless manager spaffs logs to World+Dog
There's no authorisation on filteredlogs.txt
Sierra Wireless has disclosed a bug in its ACEmanager application that manages its wireless kit, but carelessly leaves log files lying around for anyone to see.
Described at ICS-CERT here, the first reaction to the disclosure might be “yeah, but it's only a little bug”.
Consider, however, whether log files can contain information useful to attackers.
Sierra's answer is "yes", because the advisory notes “an attacker may be able to learn operational characteristics of the gateway”. Among the possible learnings are the boot sequence of a device managed by the software.
Any device running ALEOS 4.4.2 and earlier from the following list are affected: LS300, GX400, GX440, ES440, GX450, and ES450.
The file – filteredlogs.txt – persists until reboot, or until the logfile is reloaded by the application.
Sierra has pushed out a patch here. ®