Adcon Telemetry A850 Telemetry Gateway Base Station Vulnerabilities

Act Now9.8ICS-CERT ICSA-16-343-03Sep 11, 2016

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

The Adcon A850 Telemetry Gateway Base Station is vulnerable to unauthenticated remote code execution via improper input validation (CWE-79). An attacker can exploit this flaw to execute arbitrary commands with root privileges on the device. All versions of the A850 are affected, and the vendor has not provided a patch. This vulnerability impacts telemetry data collection, sensor network integrity, and remote monitoring capabilities in water utilities and critical infrastructure environments.

What this means

What could happen

An unauthenticated attacker on your network could execute arbitrary code on the A850 Telemetry Gateway with root-level privileges, potentially disrupting telemetry data collection, modifying sensor readings, or taking complete control of the device's operations.

Who's at risk

Water authorities and utilities using the Adcon A850 Telemetry Gateway for remote monitoring of sensors, water levels, pressure, or environmental conditions. This affects any organization relying on the A850 for data collection from remote SCADA nodes or sensor networks.

How it could be exploited

An attacker with network access to the A850's web interface could send a specially crafted request exploiting a command injection flaw in the input validation. This would allow them to execute system commands directly on the device without needing any credentials or user interaction.

Prerequisites

Network access to the A850 Telemetry Gateway Base Station (typically ports 80/443 for web interface)
A850 device must be exposed to the attacker's network segment

remotely exploitableno authentication requiredlow complexityno patch availableaffects data integrity and availability

Exploitability

Low exploit probability (EPSS 0.2%)

Affected products (1)

ProductAffected VersionsFix Status

A850 Telemetry Gateway Base Station: vers:all/*All versionsNo fix (EOL)

Remediation & Mitigation

0/5

Do now

0/3

HARDENINGImplement network segmentation: place the A850 on an isolated operational technology (OT) network segment with strict firewall rules allowing only authorized connections from SCADA/HMI systems and remote monitoring stations

WORKAROUNDRestrict network access to the A850 web interface to only known, trusted IP addresses using firewall rules or ACLs

WORKAROUNDDisable remote access to the A850 web interface if not required for operations; use local console or in-band management only

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HARDENINGMonitor the A850 for unexpected command execution, configuration changes, and abnormal data transmissions

Mitigations - no patch available

0/1

A850 Telemetry Gateway Base Station: vers:all/* has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:

HARDENINGDevelop and test a contingency plan for telemetry gateway failure, including manual data collection and reporting procedures

CVEs (1)

CVE-2016-2274

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/761e3c12-a36b-41d1-b3cc-105738bd938b