OTPulse

Cisco Network Building Mediator

Risk: Low | ICS-CERT ICSA-10-147-01 | Feb 27, 2010
Summary

Cisco Network Building Mediator NBM-2400 and NBM-4800, and Richards-Zeta Mediator 2500 contain authentication bypass vulnerabilities (CWE-306, CWE-284) and information disclosure weaknesses (CWE-200) that allow unauthenticated users to access the management interface. The affected versions are NBM-2400 and NBM-4800 below version 3.1.1, and all versions of Richards-Zeta Mediator 2500.

What this means
What could happen
Unauthorized users could bypass authentication and access the Network Building Mediator, potentially allowing them to view, modify, or disrupt building automation controls and energy management operations.
Who's at risk
Building operators and facility managers using Cisco Network Building Mediator (NBM-2400, NBM-4800) or Richards-Zeta Mediator 2500 to manage HVAC, lighting, energy management, and other building automation systems. This affects municipal buildings, office complexes, hospitals, and any facility using these mediators for centralized building control.
How it could be exploited
An attacker on the network could send unauthenticated requests to the Mediator's management interface to bypass access controls and gain administrative privileges without valid credentials, enabling manipulation of building systems.
Prerequisites
  • Network access to the Mediator management interface (typically ports 80, 443, or 502)
  • No valid credentials required
  • No authentication required
  • Remotely exploitable
  • No patch available (end-of-life products)
  • Affects operational systems
Exploitability
Moderate exploit probability (EPSS 2.3%)
Affected products (3, all EOL)

Product | Affected Versions | Fix Status
Cisco Network Building Mediator NBM-2400 | <3.1.1 | No fix (EOL)
Cisco Network Building Mediator NBM-4800 | <3.1.1 | No fix (EOL)
Richards-Zeta Mediator 2500 | All versions (vers:all/*) | No fix (EOL)
Remediation & Mitigation
Do now
  • WORKAROUND: Restrict network access to the Mediator management interface using firewall rules; only allow connections from authorized engineering workstations and building control systems
  • WORKAROUND: Disable remote management access to the Mediator if not required for operations
Mitigations - no patch available
The following products have reached End of Life with no planned fix: Cisco Network Building Mediator NBM-2400: <3.1.1, Cisco Network Building Mediator NBM-4800: <3.1.1, Richards-Zeta Mediator 2500: vers:all/*. Apply the following compensating controls:
  • HARDENING: Implement network segmentation to isolate the Mediator and building automation systems from general corporate networks
  • HARDENING: Monitor for unauthorized access attempts to the Mediator interface and log all administrative actions
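The two compensating controls above (restrict management-interface access to authorized workstations, and monitor for unauthorized access attempts) can be checked against firewall connection logs. The following is an added example, not part of the OTPulse advisory or any Cisco tooling: the Mediator address, the allowlist of authorized sources and the log line format are constructed assumptions, and the only values taken from the advisory are the management ports 80, 443 and 502. It flags every connection to those ports on the Mediator from a source outside the allowlist, separating connections the firewall allowed (the workaround is not in place) from ones it denied (the interface is being probed).

```python
import ipaddress
import re
from dataclasses import dataclass

# Everything below is constructed for this example: the addresses, the log
# format and the allowlist are assumptions, not values from the advisory.
MEDIATOR_IP = ipaddress.ip_address("10.20.0.5")
# Management ports named in the advisory's prerequisites (80, 443, 502).
MANAGEMENT_PORTS = {80, 443, 502}
# Hosts permitted to reach the management interface: the (assumed) building
# control subnet plus one engineering workstation on the corporate side.
AUTHORIZED_SOURCES = [
    ipaddress.ip_network("10.20.0.0/24"),
    ipaddress.ip_network("10.10.5.17/32"),
]

# Constructed firewall log format: timestamp, firewall name, "conn", then
# key=value fields. Real firewalls differ; adjust the pattern to your logs.
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+\S+\s+conn\s+src=(?P<src>\S+)\s+dst=(?P<dst>\S+)"
    r"\s+dport=(?P<dport>\d+)\s+proto=\S+\s+action=(?P<action>\w+)$"
)


@dataclass(frozen=True)
class Finding:
    ts: str
    src: str
    dport: int
    action: str
    reason: str


def parse_line(line):
    """Return (ts, src, dst, dport, action) or None for non-matching lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return (m["ts"], ipaddress.ip_address(m["src"]),
            ipaddress.ip_address(m["dst"]), int(m["dport"]), m["action"])


def is_authorized(src):
    """True if the source address falls inside any allowlisted network."""
    if isinstance(src, str):
        src = ipaddress.ip_address(src)
    return any(src in net for net in AUTHORIZED_SOURCES)


def audit(lines):
    """Flag connections to the Mediator's management ports from sources
    outside the allowlist. Allowed connections mean the firewall workaround
    is not enforced; denied ones still indicate probing of the interface."""
    findings = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, src, dst, dport, action = parsed
        if dst != MEDIATOR_IP or dport not in MANAGEMENT_PORTS:
            continue
        if is_authorized(src):
            continue
        reason = ("unauthorized source reached management port"
                  if action == "allow"
                  else "unauthorized source blocked at firewall")
        findings.append(Finding(ts, str(src), dport, action, reason))
    return findings


def unauthorized_sources(findings):
    """Distinct unauthorized source addresses, sorted, for follow-up."""
    return sorted({f.src for f in findings})


# Constructed sample log: two authorized sessions, a corporate host that got
# through on port 80 and was denied on 443, a corporate host reaching a
# different device, an outside host denied on 502, and one junk line.
SAMPLE_LOG = """\
2024-03-01T08:00:01Z fw1 conn src=10.20.0.40 dst=10.20.0.5 dport=443 proto=tcp action=allow
2024-03-01T08:00:07Z fw1 conn src=10.10.5.17 dst=10.20.0.5 dport=502 proto=tcp action=allow
2024-03-01T08:01:13Z fw1 conn src=10.50.3.9 dst=10.20.0.5 dport=80 proto=tcp action=allow
2024-03-01T08:01:14Z fw1 conn src=10.50.3.9 dst=10.20.0.5 dport=443 proto=tcp action=deny
2024-03-01T08:02:30Z fw1 conn src=10.50.3.9 dst=10.20.0.9 dport=443 proto=tcp action=allow
2024-03-01T08:03:00Z fw1 conn src=192.168.77.2 dst=10.20.0.5 dport=502 proto=tcp action=deny
this line is not a connection record
""".splitlines()


if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(f"{f.ts} src={f.src} dport={f.dport} action={f.action}: {f.reason}")
```

An "allow" finding is the one to act on first: it means a host outside the allowlist can reach an interface that needs no credentials, so the firewall rule from the "Do now" list is missing or too broad. Feeding the allowlist from the same source of truth as the firewall ruleset keeps the check and the control from drifting apart.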