OTPulse

Detcon SiteWatch Gateway

Priority: Act Now
CVSS: 9.1
Source: ICS-CERT ICSA-17-136-01
Published: May 16, 2017
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

SiteWatch Gateway contains an improper-authentication vulnerability (CWE-287) and a plaintext password storage vulnerability (CWE-256) that together allow unauthenticated remote access to device functionality. The vulnerabilities affect all versions of the SiteWatch Gateway, and no vendor patch is available.

What this means
What could happen
An attacker can gain full remote access to the SiteWatch Gateway without credentials, potentially enabling unauthorized monitoring, modification of alarm thresholds, or disruption of the gateway's data aggregation and alerting functions for industrial sites.
Who's at risk
Water utilities, electrical substations, and other industrial facilities using Detcon SiteWatch Gateway for remote site monitoring and alarm aggregation. Facilities relying on this device for supervisory alerting and data collection are at risk of unauthorized access and potential operational disruption.
How it could be exploited
An attacker who can reach the SiteWatch Gateway's remote management interface, from the local network or from the internet if the device is exposed, can bypass authentication: the gateway's authentication checks are insufficient (CWE-287, Improper Authentication) and it stores passwords in plaintext (CWE-256, Plaintext Storage of a Password). No credentials or specialised technical knowledge are required to gain access.
Prerequisites
  • Network access to the SiteWatch Gateway (default remote management port)
  • No valid credentials needed
Tags: remotely exploitable, no authentication required, low complexity, no patch available, critical CVSS score (9.1)
Exploitability
Low exploit probability (EPSS 0.4%). EPSS estimates the likelihood of exploitation in the wild over the next 30 days; it is independent of the CVSS severity above, so a low EPSS does not reduce the impact if the gateway is reachable.
Affected products (1)
Product                  | Affected Versions | Fix Status
-------------------------|-------------------|-----------
All SiteWatch Gateway    | All versions      | No fix yet
Remediation & Mitigation
Do now

Workaround: Restrict network access to the SiteWatch Gateway using a firewall; only allow connections from authorized engineering workstations and control systems, and deny everything else by default.
Workaround: Disable remote management access on the SiteWatch Gateway if it is not actively required for operations.

Long-term hardening

Hardening: Place the SiteWatch Gateway on a separate network segment (demilitarized zone or industrial network) isolated from corporate IT networks and the internet.
Hardening: Log and alert on every connection to the SiteWatch Gateway's remote management interface. Because the device accepts sessions without valid credentials, any connection from a source that is not an authorized engineering workstation or control system should be treated as a potential compromise, not merely as a failed login attempt.
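The monitoring recommendation above is only useful if "unauthorized" is defined concretely: since the gateway does not enforce authentication, the firewall in front of it is the only place where a session can be rejected or noticed. The following is an added example, not OTPulse or Detcon code, of the detection half of that control: it reads netfilter (iptables LOG target) lines from the perimeter firewall and raises an alert for any packet to the gateway's management port that did not originate from an allowlisted workstation. The gateway address 10.20.30.5, the management port 8080 (the advisory does not state the port), the plant network 10.20.0.0/16, the two workstation addresses and the log lines themselves are all constructed for this example.

```python
import ipaddress
import re
from dataclasses import dataclass

# Hypothetical lab values; the advisory gives neither the gateway's address
# nor its remote-management port number.
GATEWAY_IP = ipaddress.ip_address("10.20.30.5")
MGMT_PORT = 8080
PLANT_NET = ipaddress.ip_network("10.20.0.0/16")
ALLOWED_CLIENTS = frozenset({
    ipaddress.ip_address("10.20.1.10"),   # engineering workstation A (assumed)
    ipaddress.ip_address("10.20.1.11"),   # engineering workstation B (assumed)
})

# netfilter LOG lines carry "KEY=VALUE" tokens; only these four are needed.
_KV = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")


@dataclass(frozen=True)
class Alert:
    src: str
    dport: int
    reason: str


def parse_netfilter_line(line):
    """Return (src, dst, proto, dport) from a netfilter LOG line, or None
    when the line is not a netfilter record or has malformed fields."""
    kv = dict(_KV.findall(line))
    if not all(k in kv for k in ("SRC", "DST", "PROTO", "DPT")):
        return None
    try:
        return (ipaddress.ip_address(kv["SRC"]), ipaddress.ip_address(kv["DST"]),
                kv["PROTO"], int(kv["DPT"]))
    except ValueError:
        return None


def check_line(line):
    """Alert on any TCP packet to the gateway's management port whose source
    is not an allowlisted workstation. Returns an Alert or None."""
    parsed = parse_netfilter_line(line)
    if parsed is None:
        return None
    src, dst, proto, dport = parsed
    if dst != GATEWAY_IP or proto != "TCP" or dport != MGMT_PORT:
        return None          # traffic to other hosts or ports is out of scope
    if src in ALLOWED_CLIENTS:
        return None          # authorised engineering workstation
    reason = "unlisted plant host" if src in PLANT_NET else "outside plant network"
    return Alert(str(src), dport, reason)


def scan(lines):
    """Run check_line over an iterable of log lines and collect the alerts."""
    return [a for a in (check_line(l) for l in lines) if a is not None]


# Constructed sample log (iptables -j LOG --log-prefix "SW-MGMT: "); not real data.
SAMPLE_LOG = """\
May 16 10:01:02 fw kernel: SW-MGMT: IN=eth1 OUT=eth2 SRC=10.20.1.10 DST=10.20.30.5 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=1 DF PROTO=TCP SPT=51234 DPT=8080 WINDOW=29200 RES=0x00 SYN URGP=0
May 16 10:01:05 fw kernel: SW-MGMT: IN=eth1 OUT=eth2 SRC=10.20.7.44 DST=10.20.30.5 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=2 DF PROTO=TCP SPT=40001 DPT=8080 WINDOW=29200 RES=0x00 SYN URGP=0
May 16 10:01:09 fw kernel: SW-MGMT: IN=eth0 OUT=eth2 SRC=203.0.113.9 DST=10.20.30.5 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=3 DF PROTO=TCP SPT=55555 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0
May 16 10:01:12 fw kernel: SW-MGMT: IN=eth1 OUT=eth2 SRC=10.20.7.44 DST=10.20.30.5 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4 DF PROTO=TCP SPT=51300 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0
May 16 10:01:15 fw kernel: unrelated message without netfilter fields
"""

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG.splitlines()):
        print(f"ALERT src={alert.src} dport={alert.dport} ({alert.reason})")
```

Run against the sample, the first line (workstation A) and the fourth (an unlisted host, but to a port that is not the management port) are silent; the second and third lines produce alerts, the third being the most serious because it comes from outside the plant network. The same allowlist should drive the firewall's accept rule, so that a hit in this script means a packet that the "deny by default" rule should already have dropped, which in turn indicates either a rule regression or a bypass path worth investigating.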
API: /api/v1/advisories/55e4cf4e-7e19-43b4-8f06-8314d6ea19c2