Phoenix Broadband Technologies LLC PowerAgent SC3 Site Controller

Monitor5.3ICS-CERT ICSA-17-152-01Jun 1, 2017

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

The PowerAgent SC3 Building Management System contains a hardcoded credentials or sensitive information disclosure vulnerability (CWE-259). An attacker can remotely read sensitive data from the device without authentication, potentially obtaining credentials used by the building management system. The vulnerability is remotely exploitable with low skill level required.

What this means

What could happen

An attacker with network access to the PowerAgent SC3 could read sensitive information on the device, potentially obtaining credentials or configuration details used by the building management system.

Who's at risk

Building automation and energy management operators should care about this vulnerability. It affects PowerAgent SC3 Building Management Systems used in energy facilities and large buildings for monitoring HVAC, lighting, and other critical building systems.

How it could be exploited

An attacker on the network sends unauthenticated requests to the PowerAgent SC3 to retrieve sensitive data. The device does not properly restrict access to information stored in memory or configuration files, allowing the attacker to extract credentials or system details without needing to authenticate.

Prerequisites

Network access to the PowerAgent SC3 device
No authentication required

remotely exploitableno authentication requiredlow complexityno patch available

Exploitability

Low exploit probability (EPSS 0.2%)

Affected products (1)

ProductAffected VersionsFix Status

PowerAgent SC3 BMS: all< 6.87No fix (EOL)

Remediation & Mitigation

0/4

Do now

0/1

WORKAROUNDRestrict network access to PowerAgent SC3 devices using firewall rules or network segmentation; only allow connections from authorized engineering workstations and management systems

Mitigations - no patch available

0/3

PowerAgent SC3 BMS: all has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:

HARDENINGDisable unnecessary services and features on the PowerAgent SC3 if they are not required for operations

HARDENINGSegment the building management system network from other corporate networks to limit lateral movement if credentials are compromised

HARDENINGMonitor and log all connections to PowerAgent SC3 devices to detect unauthorized access attempts

CVEs (1)

CVE-2017-6039

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/e3077ba9-1fbc-4191-8c8c-627f09374600