Meinberg Radio Clocks LANTIME M-Series XSS
Low Risk · ICS-CERT ICSA-14-275-01 · Jul 5, 2014
Summary
The Meinberg LANTIME M-Series radio clock contains a cross-site scripting (XSS) vulnerability in its web interface. An attacker could inject malicious JavaScript code that executes in the browser of users accessing the device management interface. The vulnerability affects LANTIME M-Series models running firmware version V6.15.019 and earlier. No firmware update is available from the vendor.
What this means
What could happen
An attacker could inject malicious code into the LANTIME web interface that executes in the browser of anyone accessing the device. This could allow credential theft or malicious commands to be executed on the time synchronization system.
Who's at risk
This affects water utilities, electric utilities, and other critical infrastructure that rely on Meinberg LANTIME M-Series radio clocks for precise time synchronization. Any organization using these devices for network time protocol (NTP) or SNMP monitoring should care, especially if the devices are accessible from engineering workstations or the corporate network.
How it could be exploited
An attacker with network access to the LANTIME web interface could inject JavaScript code through a vulnerable input field. When an administrator or technician accesses the web UI, the malicious code runs in their browser, potentially allowing the attacker to steal session cookies, redirect them to a phishing site, or perform unauthorized actions on the device.
Prerequisites
- Network access to the LANTIME web interface (typically the HTTP/HTTPS ports)
- User interaction (victim must visit a page containing the injected code)
Remotely exploitable · Requires user interaction · No patch available · Affects time synchronization systems
Exploitability
Moderate exploit probability (EPSS 2.6%)
Affected products (1)
Product | Affected Versions | Fix Status
LANTIME M-Series models | ≤ V6.15.019 | No fix (EOL)
Remediation & Mitigation
Do now
HARDENING: Restrict network access to the LANTIME M-Series web interface using a firewall or network segmentation. Allow only authorized engineering workstations and monitoring systems to reach the device.
WORKAROUND: Disable remote access to the LANTIME web interface if it is not required for operations. Access the device only from the local network or through a secure jump host.
Long-term hardening
HOTFIX: Evaluate upgrade options or replacement with a newer LANTIME model that includes XSS mitigations.
Mitigations - no patch available
LANTIME M-Series models (≤ V6.15.019) have reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Monitor for suspicious activity on the LANTIME device, including unusual web requests or administrative actions.
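As a worked example of the access-restriction and monitoring controls listed above (added here; it is not part of the advisory or of Meinberg's tooling), the following Python script screens constructed access-log lines for the LANTIME web interface for two conditions: requests from sources outside an assumed engineering-workstation allowlist, and URL-decoded requests carrying script-injection markers. The log format, URL paths, and subnet are placeholders, not values from the device.

```python
import ipaddress
import re
from urllib.parse import unquote_plus

# Constructed sample in common log format, as a reverse proxy in front of the
# device might record it. Paths and addresses are placeholders, not real
# LANTIME URLs.
SAMPLE_LOG = """\
10.20.1.15 - admin [05/Jul/2014:09:12:01 +0000] "GET /placeholder/ui?page=status HTTP/1.1" 200 5120
10.20.1.15 - admin [05/Jul/2014:09:12:40 +0000] "GET /placeholder/ui?page=ntp HTTP/1.1" 200 4813
192.168.77.9 - - [05/Jul/2014:09:13:05 +0000] "GET /placeholder/ui?page=status HTTP/1.1" 200 5120
10.20.1.15 - admin [05/Jul/2014:09:14:22 +0000] "GET /placeholder/ui?hostname=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 4411
"""

# Engineering workstations allowed to reach the web UI (assumed placeholder
# subnet; substitute the allowlist from the firewall or segmentation policy).
ALLOWED_SOURCES = [ipaddress.ip_network("10.20.1.0/24")]

# Markers typical of script injection once the request is URL-decoded.
XSS_MARKERS = re.compile(r"<\s*script|javascript:|\bon\w+\s*=", re.IGNORECASE)

# Client IP, identity, user, timestamp, request line, status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)

def analyse_line(line):
    """Return the findings for one access-log line (empty list if benign)."""
    m = LOG_RE.match(line)
    if not m:
        return ["unparseable line"]
    findings = []
    src = ipaddress.ip_address(m["ip"])
    if not any(src in net for net in ALLOWED_SOURCES):
        findings.append("source outside engineering allowlist")
    # Decode percent-encoding so encoded tags are not missed.
    if XSS_MARKERS.search(unquote_plus(m["path"])):
        findings.append("script-injection marker in request")
    return findings

def analyse_log(text):
    """Return {line_number: findings} for every line that needs review."""
    report = {}
    for n, line in enumerate(text.splitlines(), 1):
        findings = analyse_line(line)
        if findings:
            report[n] = findings
    return report
```

Feed the output into the SIEM alert for the device so that a request from outside the allowlist or carrying a script marker reaches the operations team, since the device itself will not be patched.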
CVEs (1)