ICSA-23-010-01  ·  Published 2023-01-10

Black Box KVM

CVSS 7.5 HIGH

Risk Summary

Successful exploitation of this vulnerability could allow an attacker to read sensitive data on the built-in web servers of the affected devices.

CVEs (1)

Remediations

  • Black Box has provided an update to the firmware to mitigate this vulnerability and recommends all users update products to the latest versions:
      • Black Box KVM ACR1000A-T-R2: Update to firmware v3.6 or later
      • Black Box KVM ACR1002A-R: Update to firmware v3.6 or later
      • Black Box KVM ACR1020A-T: Update to firmware v3.6 or later
  • Black Box recommends users seek advice from third-party equipment or software package(s) vendors to evaluate if this vulnerability impacts third-party equipment/software.

Affected Vendors

Black Box

Affected Products (5)

Black Box · Black Box KVM ACR1000A-R-R2 3.4.31307
Black Box · Black Box KVM ACR1000A-T-R2 3.4.31307
Black Box · Black Box KVM ACR1002A-T 3.4.31307
Black Box · Black Box KVM ACR1002A-R 3.4.31307
Black Box · Black Box KVM ACR1020A-T 3.4.31307

Affected Sectors

Multiple
