OTPulse
FeedAboutContact

Korenix Jetport 5600 Series Hard-coded Credentials

Low RiskICS-CERT ICSA-12-297-02Jul 27, 2012
Summary

JetPort 5600 devices contain hard-coded credentials that cannot be changed. An authenticated attacker can access the management interface of the device. The vendor has not provided a security update for this issue across all versions.

What this means
What could happen
An attacker with network access to a JetPort 5600 device can log in using hard-coded credentials to gain administrative control, potentially allowing remote shutdown of the device, modification of network configurations, or access to connected industrial processes.
Who's at risk
Water authorities and municipal utilities using Korenix JetPort 5600 devices as industrial gateways, terminal servers, or network access points in SCADA networks, control system networks, or any environment where the device bridges IT and OT networks.
How it could be exploited
An attacker identifies a JetPort 5600 on the network and connects to its management interface (typically web-based or SSH). The attacker uses publicly documented hard-coded credentials to authenticate as an administrator. Once logged in, the attacker can reconfigure the device, redirect traffic, or perform actions that affect connected industrial equipment.
Prerequisites
  • Network access to the JetPort 5600 management interface (port 80, 443, 22, or similar)
  • Knowledge of the hard-coded credential pair
  • Device must be reachable from the attacker's network segment
Hard-coded credentialsNo patch availableRemotely exploitableNo authentication mechanism to prevent credential use
Exploitability
Moderate exploit probability (EPSS 1.8%)
Affected products (1)
ProductAffected VersionsFix Status
JetPort 5600: vers:all/*All versionsNo fix (EOL)
Remediation & Mitigation
0/4
Do now
0/2
HARDENINGImplement network segmentation: restrict access to the JetPort 5600 management interface to authorized engineering workstations only using firewall rules or VLAN isolation
WORKAROUNDDisable unused management services (SSH, HTTP, etc.) if not required for operations; if enabled, restrict access by IP address
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HARDENINGMonitor access logs to the device for any suspicious login attempts or unauthorized configuration changes
Mitigations - no patch available
0/1
JetPort 5600: vers:all/* has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENINGDevelop a long-term replacement plan for JetPort 5600 units, as the vendor has not provided a patch and the device uses hard-coded credentials that cannot be changed
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/033b5645-de1d-4665-bb56-ab8948c1a848