Advantech B+B SmartWorx MESR901
Act Now · 9.8 · ICS-CERT ICSA-17-122-03 · May 2, 2017
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
The Advantech B+B SmartWorx MESR901 remote terminal unit (RTU) contains a remote code execution vulnerability (CWE-603) in firmware versions 1.5.2 and earlier. An attacker with network access to the device can execute arbitrary code without authentication, potentially leading to full device compromise and loss of control over electrical distribution or other monitored assets.
What this means
What could happen
An attacker could execute arbitrary commands on the MESR901 device, potentially causing the RTU to send false sensor readings, drop communications with the central control system, or be repurposed to attack other equipment on your network. If the device controls valve actuators, circuit breaker commands, or other critical infrastructure, operations could be disrupted or disabled.
Who's at risk
Water and electric utilities operating Advantech MESR901 remote terminal units (RTUs) or similar B+B SmartWorx devices for distribution automation, SCADA monitoring, and remote sensor data collection. This affects any facility using these devices for process monitoring or remote equipment control in electrical substations, water treatment plants, or industrial facilities.
How it could be exploited
An attacker with network access to the MESR901 (port 502 for Modbus TCP or other configured ports) can send a specially crafted packet that exploits an input validation flaw to inject and execute arbitrary code. No authentication or special credentials are required.
Prerequisites
- Network connectivity to the MESR901 device on its listening port (typically Modbus TCP port 502 or proprietary management port)
- No authentication credentials required
remotely exploitable · no authentication required · low complexity · no patch available · affects safety/SCADA systems
Exploitability
Moderate exploit probability (EPSS 1.6%)
Affected products (1)
| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| MESR901: firmware | ≤ 1.5.2 | No fix (EOL) |
Remediation & Mitigation
Do now
- HARDENING: Isolate MESR901 devices on a dedicated OT network segment behind a firewall that blocks inbound connections from corporate/untrusted networks. Restrict access to management ports to authorized engineering workstations only.
- WORKAROUND: Implement network-level access controls: restrict inbound traffic to the MESR901 to only trusted central SCADA/monitoring systems and engineering workstations. Block all inbound ports except those required for Modbus/device communication.
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HARDENING: Deploy continuous network monitoring to detect unauthorized access attempts or anomalous commands to MESR901 devices. Alert on any inbound connections from outside your authorized OT network.
Mitigations - no patch available
MESR901: firmware has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
- HARDENING: Contact Advantech to confirm whether firmware 1.5.2 is end-of-life and obtain guidance on replacement options. Evaluate upgrading to a newer B+B SmartWorx model or alternative RTU with current security support if available.
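The access-control and monitoring steps above, as an added example that is not part of the original advisory: a Python check over flow records that flags connections to MESR901 devices from sources outside the authorized set or on ports other than Modbus TCP 502. The device addresses, authorized ranges, log format and function names are all constructed assumptions.

```python
import ipaddress

# Assumptions (not from the advisory): all addresses and the log format are constructed.
MESR901_DEVICES = {ipaddress.ip_address("10.20.30.11"), ipaddress.ip_address("10.20.30.12")}
AUTHORIZED_SOURCES = [ipaddress.ip_network("10.20.1.5/32"),  # central SCADA master
                      ipaddress.ip_network("10.20.2.0/28")]  # engineering workstations
ALLOWED_PORTS = {502}  # Modbus TCP, the port named in the advisory

# Constructed flow records: "timestamp src dst dport action"
SAMPLE_LOG = """\
2017-05-02T08:00:01Z 10.20.1.5 10.20.30.11 502 ALLOW
2017-05-02T08:00:07Z 10.20.2.9 10.20.30.12 80 ALLOW
2017-05-02T08:01:13Z 192.168.50.23 10.20.30.11 502 ALLOW
2017-05-02T08:02:44Z 10.20.1.5 10.20.99.4 502 ALLOW
malformed line
2017-05-02T08:03:02Z 203.0.113.77 10.20.30.12 23 DENY
"""

def parse_record(line):
    # Return (ts, src, dst, dport, action), or None for a line that does not parse.
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, src, dst, dport, action = parts
    try:
        return ts, ipaddress.ip_address(src), ipaddress.ip_address(dst), int(dport), action
    except ValueError:
        return None

def find_alerts(log_text):
    # Flag traffic to MESR901 devices that violates the source or port policy.
    alerts = []
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec is None or rec[2] not in MESR901_DEVICES:
            continue  # unparseable, or not addressed to a monitored device
        ts, src, dst, dport, action = rec
        reasons = []
        if not any(src in net for net in AUTHORIZED_SOURCES):
            reasons.append("unauthorized-source")
        if dport not in ALLOWED_PORTS:
            reasons.append("unexpected-port")
        if reasons:  # denied attempts are reported too, as access attempts
            alerts.append((ts, str(src), str(dst), dport, action, reasons))
    return alerts

if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_LOG):
        print(alert)
```

An alert whose action is ALLOW means the firewall policy itself permits traffic that the workaround says to block.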
CVEs (1)