ORing Industrial Networking IDS-5042/5042+ Hard-Coded Credential Vulnerability

Low RiskICS-CERT ICSA-12-263-02Jun 23, 2012

Summary

ORing Industrial DIN-Rail Device Server IDS-5042 and IDS-5042+ contain hard-coded credentials that cannot be changed. An attacker with network access to the device can authenticate using these credentials and gain unauthorized access to the device's configuration and management functions, potentially allowing them to intercept or redirect industrial network traffic.

What this means

What could happen

An attacker with network access to the IDS-5042 or IDS-5042+ device can log in using hard-coded credentials and remotely access or reconfigure the device, potentially intercepting or redirecting industrial network traffic.

Who's at risk

Manufacturing and transportation facilities that use ORing IDS-5042 or IDS-5042+ DIN-rail device servers for industrial networking, particularly those running unsegmented networks where these devices are reachable from untrusted network segments.

How it could be exploited

An attacker discovers the device on the network and connects to its management interface (likely web or SSH) using published or easily guessable hard-coded credentials. Once authenticated, the attacker can modify device configuration, disable features, or redirect traffic flowing through the device.

Prerequisites

Network access to the IDS-5042 or IDS-5042+ device on ports used for management (typically 22 for SSH or 80/443 for web interface)
Knowledge of the hard-coded credentials (likely publicly documented or easily discovered)

remotely exploitableno authentication required (uses hard-coded credentials)no patch availablehard-coded credentials

Exploitability

Moderate exploit probability (EPSS 1.8%)

Affected products (2)

2 EOL

ProductAffected VersionsFix Status

Industrial DIN-Rail Device Server IDS-5042: vers:all/*All versionsNo fix (EOL)

Industrial DIN-Rail Device Server IDS-5042+: vers:all/*All versionsNo fix (EOL)

Remediation & Mitigation

0/4

Do now

0/1

WORKAROUNDRestrict network access to the IDS-5042 or IDS-5042+ management interface using firewall rules; allow only trusted engineering workstations or administrator IPs to connect to management ports (SSH, HTTP/HTTPS)

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HARDENINGMonitor network connections to the device for unauthorized access attempts and review device logs regularly for evidence of unauthorized configuration changes

HOTFIXContact ORing to determine if a firmware update or replacement device with configurable credentials is available

Mitigations - no patch available

0/1

The following products have reached End of Life with no planned fix: Industrial DIN-Rail Device Server IDS-5042: vers:all/*, Industrial DIN-Rail Device Server IDS-5042+: vers:all/*. Apply the following compensating controls:

HARDENINGIsolate the IDS-5042 or IDS-5042+ device on a separate, protected management network (VLAN) that is segregated from production control networks

CVEs (1)

CVE-2012-4577

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/68e2e691-6eb5-4f56-a1bf-e0c1d84eb37a