OTPulse

Advantech EKI Vulnerabilities (Update B)

Priority: Act Now
CVSS: 10
Advisory: ICS-CERT ICSA-15-344-01B
Date: Sep 12, 2015
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Advantech EKI-132x network devices (industrial Ethernet switches) contain multiple critical vulnerabilities: OS command injection (CWE-78), buffer overflow (CWE-119), and memory corruption (CWE-592). These flaws allow unauthenticated remote attackers to execute arbitrary commands with high privileges. The vulnerabilities affect all versions of the EKI-132x platform. No firmware fix is available from the vendor.

What this means
What could happen
An attacker can execute arbitrary commands on Advantech EKI-132x network switches with no authentication required, potentially disrupting critical network connectivity in water or power distribution operations.
Who's at risk
Water authorities and municipal utilities operating Advantech EKI-132x industrial Ethernet switches in SCADA networks, remote terminal units (RTUs), and process automation systems should prioritize this vulnerability. These devices often sit between field sensors/actuators and control centers, making them critical to safe operation.
How it could be exploited
An attacker with network access to the device sends a specially crafted network request to trigger OS command injection (CWE-78) or buffer overflow (CWE-119) flaws. The device executes the attacker's commands with full privileges, allowing them to modify device configuration, redirect traffic, or disable the network switch entirely.
Prerequisites
  • Network access to the EKI-132x device (typically port 80 or management interface)
  • No credentials required
  • Device must be connected to an accessible network segment
Risk factors
  • remotely exploitable
  • no authentication required
  • low complexity
  • actively exploited (KEV)
  • high EPSS score (94.5%)
  • no patch available
  • affects network availability and potentially safety systems
Exploitability
Actively exploited — confirmed by CISA KEV
Affected products (1)
Product | Affected Versions | Fix Status
EKI-132x platform devices: vers:all/* | All versions | No fix (EOL)
Remediation & Mitigation
Do now
  • HARDENING: Isolate affected EKI-132x devices from untrusted networks using air-gap, VLAN segmentation, or firewall rules that allow only authorized management traffic
  • WORKAROUND: Disable remote management interfaces (web UI, SSH, Telnet) if not actively needed; restrict access to specific engineering workstations only via firewall rules
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • HARDENING: Monitor EKI-132x devices for suspicious configuration changes or unexpected command execution
Mitigations - no patch available
EKI-132x platform devices: vers:all/* has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
  • HARDENING: Plan replacement of EKI-132x devices with current, patchable network equipment from Advantech or alternative vendors
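
Added example (not part of the original advisory and not vendor or OTPulse code): one way to verify the firewall-restriction workaround above is to audit permitted flows toward the switches' management ports against the engineering workstation allowlist. The flow-log format, the addresses, and the default ports for web UI, SSH and Telnet (80, 22, 23) are assumptions constructed for illustration.

```python
import ipaddress

# Assumed default ports for the interfaces the advisory names.
# Adjust to the ports actually configured on the devices.
MGMT_PORTS = {80: "web UI", 22: "SSH", 23: "Telnet"}

def parse_flow(line):
    """Parse 'src_ip dst_ip dst_port action' (constructed log format)."""
    src, dst, port, action = line.split()
    return ipaddress.ip_address(src), ipaddress.ip_address(dst), int(port), action

def audit_flows(lines, switches, workstations):
    """Flag permitted management flows to a switch from non-allowlisted sources."""
    switch_ips = {ipaddress.ip_address(s) for s in switches}
    allowed = [ipaddress.ip_network(w) for w in workstations]
    findings = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            src, dst, port, action = parse_flow(line)
        except ValueError:
            # Keep malformed records visible instead of silently dropping them.
            findings.append(("unparsed", line))
            continue
        if dst not in switch_ips or port not in MGMT_PORTS:
            continue  # not management traffic to an EKI-132x device
        if action != "ALLOW":
            continue  # the firewall already blocked it
        if not any(src in net for net in allowed):
            findings.append(
                ("unauthorized", f"{src} -> {dst}:{port} ({MGMT_PORTS[port]})"))
    return findings

# Constructed sample data using RFC 5737 documentation addresses.
SWITCHES = ["192.0.2.10", "192.0.2.11"]
WORKSTATIONS = ["198.51.100.5/32"]
SAMPLE = """\
198.51.100.5 192.0.2.10 80 ALLOW
203.0.113.77 192.0.2.10 80 ALLOW
203.0.113.77 192.0.2.11 23 DENY
198.51.100.9 192.0.2.11 22 ALLOW
198.51.100.5 192.0.2.10 502 ALLOW
garbage line
"""

if __name__ == "__main__":
    for kind, detail in audit_flows(SAMPLE.splitlines(), SWITCHES, WORKSTATIONS):
        print(kind, detail)
```

Any "unauthorized" finding means the firewall still permits management access from a host outside the allowlist, so the compensating control is not yet in effect for that path.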