ICSA-20-177-01  ·  Published 2020-09-15

ENTTEC Lighting Controllers (Update A)

CVSS 8.8 HIGH

Risk Summary

Successful exploitation of these vulnerabilities could allow an attacker to gain unauthorized SSH/SCP access to devices, inject malicious code, run commands with root privileges, and read, write, and execute files in system directories as any user.

Remediations

  • ENTTEC has released RevB (June 2020) firmware that provides additional security measures to mitigate these vulnerabilities. ENTTEC recommends updating the Datagate Mk2, Storm 24, and Pixelator units to RevB (June 2020) firmware or newer. Once the firmware is updated and the device is configured, ENTTEC recommends locking the unit via the front panel menu. For more information, see the ENTTEC Security bulletin.
  • The E-Streamer Mk2 is discontinued and is no longer supported by ENTTEC. ENTTEC recommends upgrading to the S-PLAY to replace this product.
  • ENTTEC recommends that devices be located behind appropriate firewalls and network controls and not be accessible from the Internet.

Affected Vendors

ENTTEC

Affected Products (4)

ENTTEC · Datagate Mk2 <= 70044_update_05032019-482
ENTTEC · E-Streamer Mk2 (End of Life) <= 70044_update_05032019-482
ENTTEC · Pixelator <= 70044_update_05032019-482
ENTTEC · Storm 24 <= 70044_update_05032019-482

Affected Sectors

Commercial Facilities
