ICSA-18-142-01  ·  Published 2018-08-30  ·  View on CISA ICS-CERT ↗

Martem TELEM-GW6/GWM (Update B)

CVSS 10.0 CRITICAL

Risk Summary

Successful exploitation of these vulnerabilities could allow execution of unauthorized industrial process control commands, full control over RTU, denial of service, or client-side code execution.

Remediations

  • Martem has provided updated information within the “Security Considerations” section of their Configuration Manual, which can be accessed at the following link:
  • Using the "other side IP" field in the RTU configuration for every TCP/IP channel. This minimizes the risk of unauthorized access and control over the communication channels (i.e., only trusted partners are allowed);
  • Using secure VPN channels;
  • Proper packet filtering by enabling the firewall in the RTU configuration. Note that the "interface" field of every communication channel must be properly set in the RTU configuration when the firewall is enabled.
  • See Martem Security Advisory SA1805182:
  • See Martem Security Advisory SA1805184:
  • See Martem Security Advisory SA1805183:
  • See Martem Security Advisory SA1805181:
  • Martem recommends the following mitigations for CVE-2018-10605:
      • Upgrade to new firmware release 2.0.87-4018403-k4 or newer.
      • Change default passwords to reasonably strong ones.
      • Implement firewall rules to limit unsanctioned SSH access for IPv4 and IPv6.
      • Use SSH public key authorization.
      • Ensure GWS.exe is up to date.
  • Martem recommends the following mitigations for CVE-2018-10609:
      • Upgrade to firmware 2.0.72-cb42e64-k4 or newer. Contact Martem for more information.
      • Turn the WebServer on only when the configurator needs it. If the WebServer is no longer needed, remove it from the configuration.
      • Protect WebServer access with a strong password to avoid unauthorized access. Define the other side IP in the configuration. Use the firewall to block untrusted connections and to restrict the number of parallel connections to the WebServer.

Affected Vendors

Martem

Affected Products (2)

Martem · GW6 < 2.0.87-4018403-k4
Martem · GWM < 2.0.87-4018403-k4
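
To triage an asset inventory against the two fixed firmware releases named in the remediations, the following is an added example (not code from Martem or CISA). It assumes firmware strings follow the `<major>.<minor>.<patch>-<build hash>-<suffix>` layout seen in the advisory; the device names and older build strings are constructed.

```python
import re

# Fixed-release thresholds taken from the advisory text (numeric part only).
FIXED_IN = {
    "CVE-2018-10605": (2, 0, 87),  # 2.0.87-4018403-k4 or newer
    "CVE-2018-10609": (2, 0, 72),  # 2.0.72-cb42e64-k4 or newer
}

# Assumed layout: <major>.<minor>.<patch>-<build hash>-<suffix>
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)-([0-9a-f]+)-(\w+)$")


def parse_firmware(version):
    """Return the numeric (major, minor, patch) tuple, or None if malformed."""
    m = VERSION_RE.match(version.strip().lower())
    if m is None:
        return None
    # The build hash carries no ordering, so it is left out of the comparison.
    return tuple(int(part) for part in m.group(1, 2, 3))


def outstanding_upgrades(version):
    """List the CVEs whose fixed firmware release is newer than `version`."""
    parsed = parse_firmware(version)
    if parsed is None:
        raise ValueError(f"unrecognised firmware string: {version!r}")
    return sorted(cve for cve, fixed in FIXED_IN.items() if parsed < fixed)


def triage(inventory):
    """Map each device to its outstanding CVEs, or 'REVIEW' when unparseable."""
    report = {}
    for device, version in inventory.items():
        try:
            report[device] = outstanding_upgrades(version)
        except ValueError:
            report[device] = "REVIEW"  # never treat unknown firmware as patched
    return report


# Constructed sample inventory; device names and the older builds are made up.
SAMPLE_INVENTORY = {
    "substation-a-gw6": "2.0.87-4018403-k4",
    "substation-b-gw6": "2.0.72-cb42e64-k4",
    "substation-c-gwm": "2.0.9-0a1b2c3-k4",
    "substation-d-gwm": "unknown",
}

if __name__ == "__main__":
    for device, result in triage(SAMPLE_INVENTORY).items():
        print(device, result)
```

Comparing the numeric fields as integers matters here: a plain string comparison would rank `2.0.9` above `2.0.87` and report that unit as patched.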

Affected Sectors

Energy
