Adcon Telemetry A840 Vulnerabilities
Act Now | 10 | ICS-CERT ICSA-15-349-01 | Sep 17, 2015
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
The Adcon A840 Telemetry Gateway Base Station contains multiple critical vulnerabilities: CWE-798 (hardcoded credentials), CWE-287 (broken authentication), CWE-319 (cleartext transmission), and CWE-200 (information exposure). The device ships with default credentials that cannot be changed and uses unencrypted communication protocols. These allow unauthenticated remote attackers to retrieve sensitive information, impersonate legitimate telemetry connections, and potentially send unauthorized commands to monitored sites. All versions are affected. The A840 is end-of-life and no vendor patch is available.
What this means
What could happen
An attacker with network access could use default credentials to authenticate to the A840 gateway, then intercept unencrypted communications or read hardcoded credentials to gain unauthorized access to the telemetry network, potentially allowing them to read sensor data or send false commands to monitored sites.
Who's at risk
Water utilities and municipal electric utilities operating Adcon A840 telemetry gateway base stations for remote monitoring of SCADA-connected sites (reservoirs, pump stations, substations, weather stations) should implement compensating controls immediately. The A840 is commonly used in legacy telemetry networks across North America.
How it could be exploited
An attacker on the network sends an authentication request to the A840 gateway using published default credentials. Once authenticated, the attacker can read hardcoded credentials stored in the device configuration or intercept plaintext communications to downstream telemetry devices, gaining access to the monitoring and control functions of the water or utility infrastructure.
Prerequisites
- Network access to the A840 gateway management interface or communication ports
- Knowledge of default credentials (documented in product materials or publicly disclosed)
- No requirement for valid engineering credentials; default credentials are pre-set by the vendor
Remotely exploitable | No authentication required (default credentials) | Low complexity attack | No patch available | Hardcoded credentials | Unencrypted communications | Default passwords | End-of-life product
Exploitability
Low exploit probability (EPSS 0.9%)
Affected products (1)
Product | Affected Versions | Fix Status
A840 Telemetry Gateway Base Station: vers:all/* | All versions | No fix (EOL)
Remediation & Mitigation
Do now
HARDENING: Network segmentation: Place the A840 gateway on an isolated network segment accessible only to authorized personnel. Restrict inbound network access to management ports using firewall rules based on source IP and port.
WORKAROUND: Change all default credentials on the A840 gateway immediately. Set strong, unique passwords for all administrative accounts and disable any unnecessary service accounts.
HARDENING: Implement network monitoring and logging of all communications to and from the A840 gateway. Log all authentication attempts and configuration changes for forensic review.
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HARDENING: Disable unnecessary remote access protocols (SSH, Telnet, HTTP) if not required for operations. Use encrypted management channels only (HTTPS or SSH with key-based authentication).
Mitigations - no patch available
A840 Telemetry Gateway Base Station: vers:all/* has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Evaluate migration to a newer telemetry gateway product from Adcon or an alternative vendor that supports modern security practices, as A840 is end-of-life and will not receive vendor security updates.