OTPulse

Sierra Wireless ACEmanager Information Exposure Vulnerability

Monitor · Score 4.3 · ICS-CERT ICSA-16-105-01 · Jan 16, 2016
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

Sierra Wireless ACEmanager contains an information exposure vulnerability (CWE-538) affecting ALEOS firmware version 4.4.2 and earlier on multiple gateway models (LS300, GX400, GX440, ES440, GX450, ES450). The vulnerability allows an attacker to view sensitive information through a malicious link if a user clicks it. No vendor patch is available.

What this means
What could happen
An attacker could view sensitive information (like device configuration, credentials, or network details) from a Sierra Wireless gateway device if a user opens a malicious link. This could lead to unauthorized access to your network or connected industrial systems.
Who's at risk
Water authorities and electric utilities using Sierra Wireless cellular gateways (LS300, GX400, GX440, ES440, GX450, ES450) for SCADA remote access or site-to-site connectivity should be aware that their ACEmanager management interface may leak sensitive information if users are socially engineered into clicking malicious links.
How it could be exploited
An attacker sends a user a malicious link that, when clicked, triggers the vulnerability in the ACEmanager web interface. Because ACEmanager does not adequately protect that information from disclosure, the device then exposes sensitive information (such as stored credentials or configuration details) to the attacker.
Prerequisites
  • User must click a malicious link (social engineering required)
  • The victim's browser must be able to reach the ACEmanager web interface (typically over HTTP/HTTPS)
  • Target device running ALEOS firmware version 4.4.2 or earlier
Tags: remotely exploitable · no authentication required (for the vulnerability itself) · user interaction required (social engineering) · no patch available · information disclosure
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (6), all End of Life (EOL)

Product | Affected Versions | Fix Status
LS300 running ALEOS | <= 4.4.2 | No fix (EOL)
GX400 running ALEOS | <= 4.4.2 | No fix (EOL)
GX440 running ALEOS | <= 4.4.2 | No fix (EOL)
ES440 running ALEOS | <= 4.4.2 | No fix (EOL)
GX450 running ALEOS | <= 4.4.2 | No fix (EOL)
ES450 running ALEOS | <= 4.4.2 | No fix (EOL)
Remediation & Mitigation
Do now
HARDENING: Train users not to click links from untrusted sources, especially those claiming to involve device management
Schedule — requires maintenance window

No patch exists for these devices; the configuration changes below may still require a device reboot, so plan for process interruption.

HARDENING: Implement network segmentation to restrict access to the ACEmanager web interface so that only authorized engineering workstations can reach the device
HARDENING: Disable remote access to ACEmanager if it is not actively required for operations
Mitigations - no patch available
All six affected products (LS300, GX400, GX440, ES440, GX450 and ES450 running ALEOS 4.4.2 or earlier) have reached End of Life with no planned fix. Apply the following compensating controls:
HARDENING: Monitor ACEmanager web logs for suspicious access patterns
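The compensating controls above (an engineering-workstation allowlist, no unneeded remote access, and log monitoring) can be checked against the device's web access logs. The script below is an added example, not part of this advisory and not Sierra Wireless tooling. It assumes the logs are available in the combined (Apache-style) access log format; the management address 10.20.30.1, the engineering network 10.50.0.0/24, the request paths and every log line are constructed for illustration. It flags requests from sources outside the allowlist, navigation into the interface from an external page (the link-click vector this advisory describes) and bursts of requests from a single source.

```python
"""Flag suspicious access to an ACEmanager web interface in access logs.

Added example for this advisory (not Sierra Wireless code). Assumptions:
combined access-log format with Referer and User-Agent; the device
address, engineering allowlist, paths and sample lines are constructed.
"""
import ipaddress
import re
from collections import Counter
from typing import Optional
from urllib.parse import urlsplit

# Constructed values for the example; adapt to your environment.
DEVICE_HOST = "10.20.30.1"                                  # assumed management address
ENGINEERING_NETS = [ipaddress.ip_network("10.50.0.0/24")]   # assumed authorized workstations
RATE_THRESHOLD = 5                                          # requests per source per batch

# Combined log format: src ident user [time] "request" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)


def parse_line(line: str) -> Optional[dict]:
    """Parse one combined-format line; None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def is_authorized_source(src: str) -> bool:
    """True when the client address lies inside the engineering allowlist."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False
    return any(addr in net for net in ENGINEERING_NETS)


def is_cross_site_referer(referer: str) -> bool:
    """True when the request was navigated to from a page the device did not serve.

    The advisory's vector is a user clicking an attacker-supplied link, which
    arrives with an external Referer. An empty Referer ("-") is common for
    links opened from mail clients or over an https-to-http downgrade, so it
    is treated as no signal rather than as benign.
    """
    if referer in ("", "-"):
        return False
    host = urlsplit(referer).hostname
    return host is not None and host != DEVICE_HOST


def analyze(lines):
    """Return (source, reason, path) findings for a batch of log lines.

    The batch is assumed to cover one monitoring window, so the rate check
    is a plain per-source count over the batch.
    """
    findings = []
    per_source = Counter()
    for raw in lines:
        rec = parse_line(raw)
        if rec is None:
            findings.append(("?", "unparseable log line", raw.strip()))
            continue
        src, path, ref = rec["src"], rec["path"], rec["referer"]
        per_source[src] += 1
        if not is_authorized_source(src):
            outcome = "succeeded" if rec["status"] < 400 else f"got HTTP {rec['status']}"
            findings.append((src, f"request from outside engineering allowlist ({outcome})", path))
        if is_cross_site_referer(ref):
            findings.append((src, f"navigated to ACEmanager from external page {ref}", path))
    for src, n in per_source.items():
        if n > RATE_THRESHOLD:
            findings.append((src, f"{n} requests in one window (threshold {RATE_THRESHOLD})", "*"))
    return findings


# Constructed sample log: two engineers, one link-click from an intranet
# page, and a burst from an address outside the allowlist. Paths are placeholders.
SAMPLE_LOG = """\
10.50.0.17 - - [16/Jan/2016:09:12:01 +0000] "GET /index.html HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
10.50.0.17 - - [16/Jan/2016:09:12:09 +0000] "GET /status.html HTTP/1.1" 200 2210 "http://10.20.30.1/index.html" "Mozilla/5.0"
10.50.0.23 - - [16/Jan/2016:09:15:44 +0000] "GET /config.html HTTP/1.1" 200 8801 "http://intranet.example/wiki/gateway-tips" "Mozilla/5.0"
198.51.100.9 - - [16/Jan/2016:09:16:02 +0000] "GET /index.html HTTP/1.1" 200 5123 "-" "curl/7.47.0"
198.51.100.9 - - [16/Jan/2016:09:16:03 +0000] "GET /admin.html HTTP/1.1" 401 0 "-" "curl/7.47.0"
198.51.100.9 - - [16/Jan/2016:09:16:04 +0000] "GET /config.html HTTP/1.1" 401 0 "-" "curl/7.47.0"
198.51.100.9 - - [16/Jan/2016:09:16:05 +0000] "GET /backup.html HTTP/1.1" 404 0 "-" "curl/7.47.0"
198.51.100.9 - - [16/Jan/2016:09:16:06 +0000] "GET /users.html HTTP/1.1" 401 0 "-" "curl/7.47.0"
198.51.100.9 - - [16/Jan/2016:09:16:07 +0000] "GET /status.html HTTP/1.1" 200 2210 "-" "curl/7.47.0"
"""

if __name__ == "__main__":
    for src, reason, path in analyze(SAMPLE_LOG.splitlines()):
        print(f"{src:15} {path:14} {reason}")
```

Because the ACEmanager interface on these models will never be patched, the allowlist check is the control that matters most: any successful request from outside the engineering network means the segmentation rule has a hole, regardless of whether the advisory's link-click vector was used.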