Monroe Electronics DASDEC Compromised Root SSH Key
Act Now | ICS-CERT ICSA-13-184-02 | Apr 5, 2013
Summary
Monroe Electronics DASDEC-I and DASDEC-II units contain a hardcoded root SSH private key in the firmware. An attacker with network access to the SSH service can authenticate as root and gain full administrative control of the device. This allows an attacker to modify emergency alert broadcasts, disable the system, or alter critical emergency management functions. No firmware updates are available from the vendor to remediate this issue.
What this means
What could happen
An attacker with physical access to the device or network access to SSH could use the compromised root SSH key to gain administrative control of the DASDEC unit, potentially allowing them to alter emergency alert broadcasts or disable the device entirely.
Who's at risk
Public warning and emergency alert system operators, particularly those responsible for civil defense, tsunami warnings, or emergency management systems that rely on DASDEC-I or DASDEC-II units to broadcast alerts to the public.
How it could be exploited
An attacker who obtains the hardcoded root SSH private key (embedded in the device firmware) can connect remotely to the DASDEC SSH service and authenticate without a password. This grants full administrative access to the device, allowing modification of alert messages, system configuration, or operational shutdown.
Prerequisites
- Network access to SSH port on the DASDEC device (typically port 22)
- Knowledge or possession of the compromised root SSH private key (publicly known or leaked)
- Remotely exploitable
- No authentication required (hardcoded key)
- No patch available
- High EPSS score (62.9%)
- Affects safety-critical alert systems
Exploitability
High exploit probability (EPSS 62.9%)
Affected products (2)
2 EOL

| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| DASDEC-I: vers:all/* | All versions | No fix (EOL) |
| DASDEC-II: vers:all/* | All versions | No fix (EOL) |
Remediation & Mitigation
Do now
- WORKAROUND: Restrict network access to the DASDEC device SSH service using a firewall or access control list (ACL) to only authorized engineering and management systems
- HARDENING: If feasible, disable SSH access on DASDEC units that do not require remote administration and use only local serial/console management
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- WORKAROUND: Contact Monroe Electronics to inquire about any out-of-band firmware updates or key rotation solutions
Mitigations - no patch available
The following products have reached End of Life with no planned fix: DASDEC-I: vers:all/*, DASDEC-II: vers:all/*. Apply the following compensating controls:
- HARDENING: Implement network segmentation to isolate DASDEC units on a dedicated management VLAN separate from general IT networks
- HARDENING: Monitor SSH access logs and authentication attempts to the DASDEC device for signs of unauthorized access
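One way to act on the log-monitoring control above, as an added example that is not part of the original advisory or any vendor tooling: it flags SSH logins and failures that come from outside the authorized management systems, treating a root public-key login from an unapproved source as critical. It assumes the device's sshd messages are collected in standard OpenSSH syslog format; the management subnet and the sample log lines are constructed placeholders.

```python
import ipaddress
import re

# Assumption: placeholder subnet for the authorized management systems.
ALLOWED_SOURCES = [ipaddress.ip_network("10.20.30.0/28")]

# Standard OpenSSH sshd messages for successful and failed authentication.
ACCEPTED = re.compile(
    r"sshd\[\d+\]: Accepted (?P<method>\S+) for (?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)
FAILED = re.compile(
    r"sshd\[\d+\]: Failed (?P<method>\S+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)

def is_allowed(src):
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # hostname or malformed address: treat as unauthorized
    return any(addr in net for net in ALLOWED_SOURCES)

def review_auth_log(lines):
    """Return (severity, reason, line) for SSH events from unapproved sources."""
    findings = []
    for line in lines:
        m = ACCEPTED.search(line)
        if m and not is_allowed(m["src"]):
            # A root login by key from an unapproved host matches the advisory's scenario.
            root_key = m["user"] == "root" and m["method"] == "publickey"
            sev = "critical" if root_key else "high"
            findings.append((sev, f"login as {m['user']} via {m['method']} from {m['src']}", line))
            continue
        m = FAILED.search(line)
        if m and not is_allowed(m["src"]):
            findings.append(("medium", f"failed {m['method']} for {m['user']} from {m['src']}", line))
    return findings

# Constructed sample lines (documentation address ranges), not from a real device.
SAMPLE_LOG = [
    "Jul  3 02:14:07 dasdec sshd[2211]: Accepted publickey for root from 10.20.30.5 port 51514 ssh2",
    "Jul  3 02:31:40 dasdec sshd[2290]: Accepted publickey for root from 203.0.113.77 port 40022 ssh2",
    "Jul  3 02:33:02 dasdec sshd[2301]: Failed password for invalid user admin from 198.51.100.9 port 39110 ssh2",
    "Jul  3 02:40:11 dasdec sshd[2333]: Accepted password for operator from 10.20.30.9 port 51600 ssh2",
]

if __name__ == "__main__":
    for sev, reason, _ in review_auth_log(SAMPLE_LOG):
        print(f"[{sev}] {reason}")
```

Because the firewall or ACL workaround should already block unapproved sources, any finding here also indicates that the network restriction is not working as intended.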
CVEs (1)