ICSA-24-193-20  ·  Published 2024-07-11

HMS Industrial Networks Anybus-CompactCom 30

CVSS 6.3 MEDIUM

Risk Summary

Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition, exfiltrate data, or obtain a high degree of control over the device and subsequent systems, including remote code execution.

CVEs (1)

Remediations

HMS recommends that at least one of the following mitigations is implemented:

  • Add password protection to all webpages served by the Anybus-CompactCom 30 module.
  • Disable or add the option to allow the end-user to disable the webserver in the Anybus-CompactCom 30.
  • Make sure these products are used locally within a secure network utilizing proper network infrastructure controls. This will help ensure that unused or unnecessary protocols from unauthorized sources are blocked.
  • Ensure that control systems and devices are situated behind firewalls, ensuring their isolation from the corporate network.
  • Replace the Anybus-CompactCom 30 module with an Anybus-CompactCom 40 module.

For more information, see the associated HMS security advisory.

Affected Vendors

HMS Industrial Networks

Affected Products (1)

HMS Industrial Networks · Anybus-CompactCom 30 vers:all/*

Affected Sectors

Critical Manufacturing
