OTPulse

CyberVision Kaa IoT Platform

Monitor | 6.3 | ICS-CERT ICSA-17-122-02 | May 2, 2017
Attack Vector: Network
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary

CyberVision's Kaa IoT Platform version 0.7.4 contains a vulnerability (CWE-1061) that allows an authenticated attacker to read sensitive data, modify configuration, or disrupt platform services via remote network access with low exploitation complexity. The vendor has been unresponsive to disclosure requests and has not released any security updates or mitigations.

What this means
What could happen
An authenticated attacker could read sensitive data, modify configuration, or disrupt IoT platform services on your network. This could affect any operational systems connected to the platform for monitoring or control.
Who's at risk
Water utilities, electric utilities, and other infrastructure operators using CyberVision's Kaa IoT Platform (version 0.7.4) for remote monitoring or control of SCADA sensors, telemetry gateways, or data collection systems are affected. This includes any organization relying on Kaa for IoT device management in OT environments.
How it could be exploited
An attacker with valid credentials can remotely access the Kaa IoT Platform over the network without requiring user interaction. The attacker can then read data, modify settings, or disrupt availability of connected IoT devices and sensors.
Prerequisites
  • Valid authentication credentials to the Kaa IoT Platform
  • Network access to the Kaa Platform instance (typically port 8080 or similar)
  • Low technical skill required to exploit
remotely exploitable, authentication required, low complexity, no patch available, vendor unresponsive, affects IoT/control system connectivity
Exploitability
Moderate exploit probability (EPSS 6.6%)
Affected products (1)
Product            Affected Versions   Fix Status
Kaa IoT Platform   0.7.4               No fix (EOL)
Remediation & Mitigation
Do now
WORKAROUND: Implement network segmentation to restrict access to the Kaa Platform from only trusted engineering workstations and approved IoT devices
Mitigations - no patch available
Kaa IoT Platform has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Isolate or decommission Kaa IoT Platform version 0.7.4 if no longer required for operations
HARDENING: Enforce strong password policies and monitor for unauthorized access attempts to Kaa Platform accounts
HARDENING: Evaluate alternative IoT platforms with active vendor support and security patching