Security Alert: Vulnerabilities Discovered in Millbeck Communications Proroute H685t-w 4G Router

Release Date: September 17, 2024
Alert Code: ICSA-24-261-02
Related Topics: Industrial Control System Vulnerabilities, Industrial Control Systems

Executive Summary

The Millbeck Communications Proroute H685t-w 4G router has been identified as vulnerable to command injection and cross-site scripting (XSS) attacks. With a CVSS v3 score of 8.8, these vulnerabilities pose a significant security risk, allowing remote attackers to exploit the device with low attack complexity.

Risk Evaluation

If successfully exploited, these vulnerabilities could enable attackers to execute arbitrary commands on the device’s operating system, compromising the security of the affected systems.

Technical Details

Affected Products

The vulnerability affects the following version of the Millbeck Communications Proroute H685t-w 4G router:

  • Proroute H685t-w: Version 3.2.334

Vulnerability Overview

  1. Command Injection (CWE-77)
    • Description: A command injection vulnerability exists in the device, where improperly neutralized input allows an attacker to execute malicious commands on the operating system.
    • CVE: CVE-2024-45682
    • CVSS v3.1 Base Score: 8.8 (Vector: AV/AC/PR/UI/S/C/I/A)

  2. Cross-site Scripting (CWE-79)
    • Description: This vulnerability occurs when user input is improperly sanitized during web page generation, allowing an attacker to inject and execute arbitrary JavaScript in the victim's browser session.
    • CVE: CVE-2024-38380
    • CVSS v3.1 Base Score: 5.5 (Vector: AV/AC/PR/UI/S/C/I/A)

Background Information

  • Critical Infrastructure Sectors: Commercial Facilities, Energy
  • Deployment Areas: Worldwide
  • Company Headquarters: United Kingdom

Researcher

The vulnerabilities were discovered and reported by Joe Lovett from Pen Test Partners, who shared the findings with CISA.

Mitigations

Millbeck Communications has released a firmware update to address these vulnerabilities. Users are advised to download and apply firmware patch v3.2.335 or higher to mitigate the risk of exploitation.
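To find which deployed units still need the patch, the following added example (not part of the advisory or any vendor tooling) triages an asset inventory against the fixed version 3.2.335. The CSV column names and sample rows are constructed, and treating every build older than 3.2.335 as needing the update is an assumption, since the advisory lists only 3.2.334 as affected.

```python
import csv
import io
import re

FIXED = (3, 2, 335)   # first patched firmware named in the advisory
MODEL = "h685t-w"     # affected model, matched case-insensitively

# Constructed sample inventory; hostnames and column names are assumptions.
SAMPLE_INVENTORY = """\
hostname,model,firmware
site-a-rtr,Proroute H685t-w,3.2.334
site-b-rtr,Proroute H685t-w,v3.2.335
site-c-rtr,Proroute H685t-w,3.10.1
site-d-rtr,Proroute H685t-w,unknown
site-e-rtr,Other Router X,1.0.0
"""

def parse_version(text):
    """Return a tuple of ints for 'v3.2.334'-style strings, or None if unparseable."""
    m = re.fullmatch(r"[vV]?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        return None
    return tuple(int(part) for part in m.group(1).split("."))

def triage(inventory_csv):
    """Map each affected-model hostname to 'needs_update', 'patched' or 'unknown'."""
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if MODEL not in row["model"].lower():
            continue  # not the affected product
        version = parse_version(row["firmware"])
        if version is None:
            status = "unknown"        # unreadable version: check the device by hand
        elif version < FIXED:         # numeric compare, so 3.10.1 sorts above 3.2.335
            status = "needs_update"   # assumption: all older builds need the patch
        else:
            status = "patched"
        results[row["hostname"]] = status
    return results

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Versions are compared as integer tuples rather than strings, so a build such as 3.10.1 is not mistaken for an older release, and rows with an unreadable version are surfaced for manual verification instead of being silently passed.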

In addition, CISA recommends the following defensive measures:

  1. Minimize Network Exposure: Ensure control systems and devices are not directly accessible from the internet.
  2. Network Segmentation: Place control system networks and devices behind firewalls and separate them from business networks.
  3. Use Secure Remote Access: If remote access is required, employ secure methods such as Virtual Private Networks (VPNs). Ensure VPNs are updated to the latest version, as they may contain vulnerabilities.
  4. Perform Impact Analysis: Organizations should conduct thorough risk assessments before implementing defensive measures.

CISA also encourages organizations to adopt industry-recommended cybersecurity practices for protecting industrial control systems (ICS), including:

  • Implementing defense-in-depth strategies
  • Consulting CISA’s technical papers, such as ICS-TIP-12-146-01B, for intrusion detection and mitigation strategies

Additional Recommendations

Organizations should also stay vigilant against social engineering attacks. CISA provides the following guidance:

  • Avoid Clicking Suspicious Links: Do not open unsolicited email links or attachments.
  • Learn to Recognize Scams: Refer to guides like Recognizing and Avoiding Email Scams and Avoiding Social Engineering and Phishing Attacks to better protect against fraudulent activities.

Reporting Suspicious Activity

If malicious activity is observed, organizations are encouraged to follow their internal procedures and report incidents to CISA for tracking and correlation.

Conclusion

While no known public exploitation of these vulnerabilities has been reported to CISA at this time, the potential for attack remains high. Organizations using Millbeck Communications Proroute H685t-w devices should immediately update to the latest firmware and implement the recommended security measures to safeguard their systems.
