Black Box AlertWerks ServSensor Credential Management Vulnerability
Monitor | 6.5 | ICS-CERT ICSA-16-147-03 | Feb 27, 2016
Attack Vector: Network
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary
Black Box AlertWerks ServSensor devices contain an information disclosure vulnerability that allows authenticated users with valid engineering or administrative credentials to access sensitive configuration data that should be restricted. The vulnerability exists in the credential management implementation and affects multiple AlertWerks ServSensor model variants (EME105A, EME106A, EME108A-R2, EME109A-R2, EME110A-R2, EME102A-R2, EME103A-R2, EME104A-R2, EME152A, EME153A, EME154A, EME155A, EME158A, and EME111A/112A/113A Contact series) running firmware versions prior to SP473. Black Box has not released a firmware update to address this vulnerability.
What this means
What could happen
An attacker with valid credentials can view sensitive information stored on the AlertWerks ServSensor device, potentially exposing configuration details, monitoring thresholds, or other system parameters used to manage facility infrastructure.
Who's at risk
Organizations operating Black Box AlertWerks ServSensor environmental monitoring devices across their data centers, network closets, or critical infrastructure facilities should assess their exposure. This affects all versions of the ServSensor product line (standard, Junior, Junior with PoE, and Contact models) running firmware SP473 or earlier. Environmental monitoring devices are commonly deployed in unattended locations to track temperature, humidity, and other conditions critical to equipment uptime.
How it could be exploited
An attacker with valid engineering or administrative credentials can authenticate to the AlertWerks ServSensor via network access (HTTP/HTTPS or management interface) and read sensitive data, such as configuration settings, system parameters, or stored credentials, that is not protected by proper access controls.
Prerequisites
- Valid engineering or administrative credentials for the AlertWerks ServSensor device
- Network access to the device's management interface (HTTP/HTTPS port or proprietary management port)
- Device running firmware version SP473 or earlier
- Requires valid credentials
- Requires network access to management interface
- No patch available
- Low complexity attack
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (19)
19 pending
Product | Affected Versions | Fix Status
Black Box’s AlertWerks ServSensor, model number EME105A | <firmware SP473 | No fix yet
Black Box’s AlertWerks ServSensor, model number EME106A | <firmware SP473 | No fix yet
Black Box’s AlertWerks ServSensor, model number EME108A-R2 | <firmware SP473 | No fix yet
Black Box’s AlertWerks ServSensor, model number EME109A-R2 | <firmware SP473 | No fix yet
Black Box’s AlertWerks ServSensor, model number EME110A-R2 | <firmware SP473 | No fix yet
Remediation & Mitigation
Do now
- HARDENING: Restrict network access to the AlertWerks ServSensor management interface using firewall rules to only authorized engineering workstations and administrative networks
- HARDENING: Enforce strong, unique credentials for all AlertWerks ServSensor administrative accounts and change default credentials if they exist
- WORKAROUND: Disable remote management access if not required for normal operations
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HARDENING: Monitor access logs for the AlertWerks ServSensor and alert on unauthorized authentication attempts
Long-term hardening
- HARDENING: Implement network segmentation to isolate AlertWerks ServSensor devices on a separate management network with restricted access from general IT networks
CVEs (1)