ICSA-17-208-03
·
Published 2017-07-27
·
View on CISA ICS-CERT ↗
PDQ Manufacturing, Inc. LaserWash, Laser Jet and ProTouch
CVSS 9.4
CRITICAL
Risk Summary
ATTENTION: Remotely exploitable/low skill level to exploit. Public exploits are available
CVEs (2)
Remediations
- Always make sure any PDQ equipment is not accessible from the Internet; it should be behind a secure firewall.
- Whenever a machine or router is received and installed, always change the default password from the factory settings to a new password unique to the machine. If an existing site is still using the factory default passwords on a machine or router, immediately change the default password to a new, unique, strong password.
- Always set up the system network (router or Wi-Fi) with its security features enabled such that they require a username and password to be able to access the machine network.
- Do not set up the site router with “port forwarding” enabled. This can effectively expose the system to the Internet and may permit an unauthorized person to reach the machine login screen.
- Do not share passwords or write them down in an accessible place where unauthorized users may find them.
Affected Vendors
PDQ Manufacturing, Inc.
Affected Products (8)
PDQ Manufacturing, Inc.
·
LaserWash M5
vers:all/*
PDQ Manufacturing, Inc.
·
LaserWash 360 and 360 Plus
vers:all/*
PDQ Manufacturing, Inc.
·
LaserWash AutoXpress and AutoExpress Plus
vers:all/*
PDQ Manufacturing, Inc.
·
ProTouch AutoGloss
vers:all/*
PDQ Manufacturing, Inc.
·
ProTouch ICON
vers:all/*
PDQ Manufacturing, Inc.
·
LaserJet
vers:all/*
PDQ Manufacturing, Inc.
·
LaserWash G5 and G5 S Series
vers:all/*
PDQ Manufacturing, Inc.
·
ProTouch Tandem
vers:all/*
Get alerted to advisories like this
OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.
Start free trial Learn more