OTPulse

American Auto-Matrix Front-End Solutions Vulnerabilities

Triage: Plan Patch
CVSS: 8.6
Advisory: ICS-CERT ICSA-16-273-01
Date: Jul 3, 2016
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Aspect-Nexus and Aspect-Matrix Building Automation Front-End Solutions contain a file-inclusion weakness (CWE-98, Improper Control of Filename for Include/Require Statement) and plaintext credential storage (CWE-256). Together these let an unauthenticated remote attacker obtain access to the web interface without valid credentials. All versions of Aspect-Matrix and Aspect-Nexus versions prior to 3.0.0 are affected. An attacker could gain unauthorized access to building automation controls and configuration data.

What this means
What could happen
An attacker could gain unauthorized access to building automation systems without credentials, potentially allowing them to view or modify HVAC, lighting, or access control settings that affect facility operations and occupant safety.
Who's at risk
Healthcare facilities and any organization operating Aspect-Nexus or Aspect-Matrix building automation systems should be concerned. These systems typically control HVAC, lighting, emergency systems, and physical access—all critical to facility operations and patient safety in hospitals and medical centers.
How it could be exploited
An attacker on the network can send crafted requests to the web interface of the front-end application (port 80/443 typical) to extract sensitive configuration data and, with it, bypass authentication. No valid credentials are required. CWE-98 is a file-inclusion weakness: an attacker-controlled value reaches an include/require-style file load, which typically lets the attacker read or include files the application should not expose. Because the application also stores passwords in plaintext (CWE-256), that exposure yields working credentials and therefore access without authenticating.
Prerequisites
  • Network access to the building automation front-end web interface (typically port 80 or 443)
  • No credentials or authentication required
Tags: remotely exploitable · no authentication required · low complexity · no patch available · affects facility operations and safety systems
Exploitability
Low exploit probability (EPSS 0.5%). EPSS estimates the likelihood of exploitation in the wild over the next 30 days; it does not reduce the impact of an unauthenticated bypass on a console that is reachable from a general-purpose network.
Affected products (2), both End of Life

Product                                                 Affected versions            Fix status
Aspect-Nexus Building Automation Front-End Solutions    < 3.0.0                      No fix (EOL)
Aspect-Matrix Building Automation Front-End Solutions   All versions (vers:all/*)    No fix (EOL)
Remediation & Mitigation
Do now
HARDENING: Restrict network access to building automation front-end consoles using firewall rules; allow only authorized engineering workstations and administrative subnets.
WORKAROUND: Disable remote access to the front-end application; require direct console access only from a physically isolated management network.
Schedule — requires maintenance window

No patch exists for the affected versions. If the vendor does release an update, applying it may require a device reboot; plan for process interruption in a maintenance window.

HARDENING: Deploy a web application firewall (WAF) in front of the front-end interface to block malformed requests, in particular path traversal and file-inclusion patterns in request parameters, which is the class of weakness (CWE-98) behind the credential exposure. Treat this as a compensating control, not a fix: it reduces exposure but does not remove the weakness.
WORKAROUND: Monitor vendor communications for future security updates; contact ABB directly to confirm whether a patch will be released.
Mitigations - no patch available
The following products have reached End of Life with no planned fix: Aspect-Nexus Building Automation Front-End Solutions: <3.0.0, Aspect-Matrix Building Automation Front-End Solutions: vers:all/*. Apply the following compensating controls:
HARDENING: Segment building automation systems onto a separate VLAN with strict access controls; monitor for unusual connections to the front-end application.
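As an added example (not vendor or OTPulse code), the following Python script applies the monitoring guidance above to constructed web-server access-log lines for the front-end: it flags requests from sources outside the authorised management subnets, and requests carrying generic file-inclusion or path-traversal indicators of the CWE-98 class. The subnets, the log lines, the /view?file= URI and the indicator patterns are assumptions for illustration; the page does not document the vulnerable endpoint, so the patterns are heuristics, not a signature for this advisory.

```python
"""Flag suspicious access to a building-automation front-end console.

Added example, not vendor code. Assumptions: the console logs in the
Apache/nginx "combined" format, only the subnets in ALLOWED_NETS may reach
it, and the traversal/include patterns below are generic CWE-98 indicators.
"""
import ipaddress
import re
from urllib.parse import unquote

# Assumed: the engineering workstation subnet and one admin jump host.
ALLOWED_NETS = [ipaddress.ip_network(n) for n in ("10.20.5.0/24", "10.20.9.10/32")]

# Apache/nginx "combined" log format: client, identd, user, [time], "request", status, bytes.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<uri>\S+) \S+" '
    r'(?P<status>\d{3}) \S+'
)

# Generic indicators of an include/traversal attempt. The request is URL-decoded
# once before matching, so the %2e%2e alternative catches double-encoded "..".
TRAVERSAL_RE = re.compile(r'(\.\./|\.\.\\|%2e%2e|/etc/passwd|php://|file://)', re.I)

# Constructed sample lines; the /view?file= endpoint is hypothetical.
SAMPLE_LOG = [
    '10.20.5.17 - - [03/Jul/2016:09:12:01 +0000] "GET /login HTTP/1.1" 200 1821',
    '192.168.77.4 - - [03/Jul/2016:09:14:22 +0000] "GET /login HTTP/1.1" 200 1821',
    '192.168.77.4 - - [03/Jul/2016:09:14:30 +0000] "GET /view?file=..%2F..%2Fconf%2Fusers.cfg HTTP/1.1" 200 940',
    '10.20.5.17 - - [03/Jul/2016:09:20:11 +0000] "GET /status HTTP/1.1" 200 500',
    '10.20.9.10 - - [03/Jul/2016:09:31:45 +0000] "GET /view?file=%252e%252e/conf/users.cfg HTTP/1.1" 200 940',
]


def analyse(lines):
    """Return one finding per suspicious request, with the reasons it was flagged."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line; a real deployment should count these too
        src = ipaddress.ip_address(m["src"])
        uri = unquote(m["uri"])  # decode once, then inspect
        reasons = []
        if not any(src in net for net in ALLOWED_NETS):
            reasons.append("source outside authorised subnets")
        if TRAVERSAL_RE.search(uri):
            reasons.append("file-inclusion/traversal pattern in request")
        if reasons:
            findings.append(
                {"src": str(src), "uri": uri, "status": int(m["status"]), "reasons": reasons}
            )
    return findings


if __name__ == "__main__":
    for f in analyse(SAMPLE_LOG):
        print(f"{f['src']:<15} {f['status']} {f['uri']}  <- {'; '.join(f['reasons'])}")
```

Run it against a real log by replacing SAMPLE_LOG with the console's access log and ALLOWED_NETS with the subnets permitted by the firewall rules above; any hit from a disallowed source on an EOL console is a segmentation failure worth investigating regardless of whether the request itself looked malicious.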