OTPulse

Advantech EKI-1200 Buffer Overflow

Low Risk | ICS-CERT ICSA-15-041-01 | Nov 13, 2015
Summary

The Advantech EKI-1200 product line (all versions) contains a buffer overflow vulnerability (CWE-122) in its network or protocol handling functions. The vulnerability could allow an attacker with network access to send malformed input that causes memory corruption and arbitrary code execution on the device. No patch is currently available from the vendor.

What this means
What could happen
A buffer overflow in the Advantech EKI-1200 device could allow an attacker to execute arbitrary code on the device. If the EKI-1200 is used for network monitoring, data acquisition, or control functions in your plant, code execution could disrupt communications or alter sensor readings used by your operational systems.
Who's at risk
Organizations operating Advantech EKI-1200 devices in any capacity should review this vulnerability. The EKI-1200 is commonly used as a protocol converter or network interface in industrial control systems, water utilities, and power distribution networks for SCADA data acquisition and communications.
How it could be exploited
An attacker would need to send a specially crafted network packet or input to the EKI-1200 that exceeds the expected buffer size, overwriting adjacent memory and causing the device to execute attacker-controlled code. This typically requires the attacker to be on the same network as the device or to have a route to it.
Prerequisites
  • Network access to the EKI-1200 device
  • Ability to send input that exceeds buffer limits (may not require authentication depending on the vulnerable function)
Buffer overflow vulnerability | No patch available | Affects industrial control systems | Network-accessible device
Exploitability
Moderate exploit probability (EPSS 1.2%)
Affected products (1)
Product | Affected Versions | Fix Status
EKI-1200 product line: vers:all/* | All versions | No fix (EOL)
Remediation & Mitigation
Do now
HARDENING: Isolate the EKI-1200 on a separate network segment if possible; restrict access from untrusted networks using firewall rules
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption

HOTFIX: Contact Advantech to request a firmware update or security patch if one becomes available
Mitigations - no patch available
EKI-1200 product line: vers:all/* has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Monitor network traffic to and from the EKI-1200 for unusual patterns or oversized packets
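
The two compensating controls above (segment isolation and watching for oversized packets) can be checked against exported flow records. This is an added example, not part of the advisory or any vendor tooling; the device address, allowed subnet, size threshold and CSV flow format are all constructed assumptions to be replaced with site values.

```python
import csv
import io
import ipaddress

# Every value here is constructed for illustration; none comes from the advisory.
DEVICE_IP = ipaddress.ip_address("192.0.2.10")         # assumed EKI-1200 address
ALLOWED_NETS = [ipaddress.ip_network("192.0.2.0/28")]  # assumed isolated OT segment
MAX_PAYLOAD = 512  # assumed ceiling for normal inbound payloads; baseline per site

# Constructed flow export: timestamp, source, destination, payload bytes.
SAMPLE_FLOWS = """ts,src,dst,payload_len
2015-11-13T08:00:01,192.0.2.5,192.0.2.10,12
2015-11-13T08:00:02,192.0.2.10,192.0.2.5,64
2015-11-13T08:03:10,198.51.100.7,192.0.2.10,40
2015-11-13T08:05:44,192.0.2.6,192.0.2.10,2048
2015-11-13T08:06:00,192.0.2.10,203.0.113.9,80
2015-11-13T08:07:15,192.0.2.5,192.0.2.6,9000
2015-11-13T08:08:30,not-an-ip,192.0.2.10,10
"""

def check_flow(src, dst, payload_len):
    """Return alert reasons for one flow; empty list when nothing is wrong."""
    if DEVICE_IP not in (src, dst):
        return []  # traffic that does not involve the device
    peer = src if dst == DEVICE_IP else dst
    reasons = []
    if not any(peer in net for net in ALLOWED_NETS):
        reasons.append("peer-outside-segment")  # isolation control bypassed
    if dst == DEVICE_IP and payload_len > MAX_PAYLOAD:
        reasons.append("oversized-inbound")     # larger than baseline input
    return reasons

def scan(text):
    """Parse the CSV export and return (timestamp, src, dst, reasons) alerts."""
    alerts = []
    for row in csv.DictReader(io.StringIO(text)):
        try:
            src = ipaddress.ip_address(row["src"])
            dst = ipaddress.ip_address(row["dst"])
            size = int(row["payload_len"])
        except ValueError:
            # Unparseable records are surfaced, not silently dropped.
            alerts.append((row["ts"], row["src"], row["dst"], ["unparseable-record"]))
            continue
        reasons = check_flow(src, dst, size)
        if reasons:
            alerts.append((row["ts"], str(src), str(dst), reasons))
    return alerts

if __name__ == "__main__":
    for alert in scan(SAMPLE_FLOWS):
        print(alert)
```

Outbound flows from the device to addresses outside the segment are flagged as well, since the mitigation covers traffic to and from the EKI-1200.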