OTPulse

GarrettCom - Use of Hard-Coded Password

Low Risk | ICS-CERT ICSA-12-243-01 | Jun 3, 2012
Summary

GarrettCom MNS-6K industrial Ethernet switches contain a hard-coded password in the firmware that allows unauthenticated administrative access to the device management interface. An attacker who reaches the switch can authenticate and reconfigure network settings, potentially intercepting or disrupting communications between control system devices. No firmware patch is available; the device is end-of-life.

What this means
What could happen
An attacker with network access could log into your GarrettCom MNS-6K switch using a hard-coded password, gaining control of network traffic and potentially isolating critical control systems or enabling man-in-the-middle attacks on process communications.
Who's at risk
Water utilities and municipal electric utilities using GarrettCom MNS-6K industrial Ethernet switches for control system networking should prioritize this issue. The MNS-6K is commonly deployed as a managed switch in substations, water treatment plants, and pumping stations to interconnect field devices, PLCs, and SCADA workstations.
How it could be exploited
An attacker connects to the MNS-6K management interface (typically Telnet or HTTP) from your network and authenticates using the embedded hard-coded password. Once logged in, they can reconfigure switch ports, VLANs, or spanning tree settings to redirect or intercept traffic between your PLCs, RTUs, and engineering workstations.
Prerequisites
  • Network access to the MNS-6K management interface (port 23 for Telnet or port 80 for HTTP)
  • Knowledge of the hard-coded username and password
  • The device must be reachable from an attacker's position on your network or from the internet if not firewalled
  • No authentication required beyond hard-coded credentials
  • No patch available - device is end-of-life
  • Remotely exploitable if device is network-accessible
  • Affects network infrastructure supporting safety systems
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (2)
2 EOL
Product | Affected Versions | Fix Status
MNS-6K Rel: <=v4.1.14 | ≤ v4.1.14 | No fix (EOL)
MNS-6K Rel: <=v14.1.14_SECURE | ≤ v14.1.14 SECURE | No fix (EOL)
Remediation & Mitigation
Do now
HARDENING: Implement network segmentation and firewall rules to restrict access to the MNS-6K management interface. Only allow administrative connections from designated engineering workstations on a separate management VLAN.
WORKAROUND: Disable Telnet and use SSH or HTTPS only for management access if supported by your firmware version.
HARDENING: Implement additional authentication controls such as VPN access requirements or IP whitelisting for management connections to the MNS-6K.
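Because the password cannot be changed or patched out, the segmentation control above is worth verifying from traffic records. The following is an added example, not part of the advisory or any vendor tooling: it audits flow-log lines for connections to the management ports named above (23 and 80) and flags sources outside the management VLAN. The log format, switch addresses and VLAN subnet are constructed placeholders.

```python
import ipaddress

# Assumed placeholders, not values from the advisory: adjust to your network.
MGMT_VLAN = ipaddress.ip_network("10.10.99.0/24")  # designated engineering workstations
SWITCHES = {ipaddress.ip_address(a) for a in ("10.10.1.2", "10.10.1.3")}  # MNS-6K units
MGMT_PORTS = {23, 80}  # Telnet and HTTP, the management ports named in the advisory

# Constructed sample records: "timestamp src_ip dst_ip proto dst_port action"
SAMPLE_FLOWS = """\
2024-05-01T08:00:01Z 10.10.99.15 10.10.1.2 tcp 80 ALLOW
2024-05-01T08:02:44Z 10.10.20.7 10.10.1.2 tcp 23 ALLOW
2024-05-01T08:03:10Z 10.10.20.7 10.10.1.3 tcp 80 DENY
2024-05-01T08:05:00Z 10.10.99.15 10.10.1.3 tcp 23 ALLOW
2024-05-01T08:06:30Z 10.10.20.7 10.10.1.2 tcp 502 ALLOW
malformed line
2024-05-01T08:07:12Z 192.0.2.44 10.10.1.3 tcp 80 ALLOW
"""

def audit_flows(text):
    """Return (findings, unparsed): management-port access that violates the policy."""
    findings, unparsed = [], 0
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        try:
            ts, src, dst, proto, port, action = parts
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            port = int(port)
        except ValueError:
            unparsed += 1  # count, never silently drop: unparsed lines are a blind spot
            continue
        if proto.lower() != "tcp" or dst_ip not in SWITCHES or port not in MGMT_PORTS:
            continue
        if src_ip in MGMT_VLAN:
            # Permitted source, but the workaround above says Telnet should be disabled.
            if port == 23 and action == "ALLOW":
                findings.append((ts, src, dst, port, "telnet-in-use"))
            continue
        # Source outside the management VLAN: ALLOW means the firewall rule is missing.
        kind = "segmentation-gap" if action == "ALLOW" else "blocked-attempt"
        findings.append((ts, src, dst, port, kind))
    return findings, unparsed

if __name__ == "__main__":
    results, skipped = audit_flows(SAMPLE_FLOWS)
    for finding in results:
        print(*finding)
    print(f"unparsed lines: {skipped}")
```

A "segmentation-gap" result means the firewall passed the connection and the rule set needs fixing; a "blocked-attempt" result means the control held but something is probing the interface.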
Mitigations - no patch available
The following products have reached End of Life with no planned fix: MNS-6K Rel: <=v4.1.14, MNS-6K Rel: <=v14.1.14_SECURE. Apply the following compensating controls:
HARDENING: Evaluate replacement or decommissioning of MNS-6K units since the vendor has not released a security patch and the device is end-of-life.