Mirion Technologies Telemetry Enabled Devices
Monitor5ICS-CERT ICSA-17-208-02Jul 27, 2017
Attack VectorAdjacent
Auth RequiredNone
ComplexityHigh
User InteractionNone needed
Summary
Mirion Technologies telemetry-enabled transmitter modules and boundary monitors contain weak cryptographic implementations (CWE-321: Improper Restriction of Rendered UI Layers or Frames, CWE-326: Inadequate Encryption Strength) that allow attackers with network access to intercept and potentially modify telemetry data in transit. Affected devices include DMC 3000 Transmitter Module, iPam Transmitter for DMC 2000, RDS-31 iTX variants, DRM-1/2 variants with solar packages, DRM and RDS-based boundary monitors, external transmitters, Telepole II, and MESH Repeater systems. The vendor has indicated no fix will be provided for these devices.
What this means
What could happen
An attacker with network access to these telemetry devices could intercept or modify transmitted data, potentially causing false readings in radiation monitoring systems or other critical telemetry functions that operators rely on for safety decisions.
Who's at risk
Radiation monitoring facilities, nuclear plants, research institutions, and environmental monitoring operations that use Mirion telemetry transmitter modules (DMC, iPam, RDS-31, DRM, MESH Repeater, and Telepole systems) for remote data collection and reporting should be concerned. These devices are typically deployed in safety-critical monitoring roles where data integrity directly affects operational decisions.
How it could be exploited
An attacker on the same network segment (local area network, VPN, or compromised upstream system) could intercept unencrypted or weakly encrypted telemetry communications between the transmitter modules and receiving stations, reading sensitive data or injecting false telemetry values to trigger incorrect alarms or mask actual hazardous conditions.
Prerequisites
- Network access to the same network segment as the telemetry device
- Ability to passively or actively intercept network traffic (man-in-the-middle position)
- Knowledge of the telemetry protocol used by the device
No patch available from vendorAffects safety systems (radiation/environmental monitoring)Weak cryptography (CWE-321, CWE-326)Low CVSS score but medium severity due to safety system impactAffects multiple product families with no planned remediation
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (8)
8 EOL
ProductAffected VersionsFix Status
Telemetry Enabled Devices - iPam Transmitter f/DMC 2000,iPam Transmitter f/DMC 2000,No fix (EOL)
Telemetry Enabled Devices - RDS-31 iTX and variants (incl. RSD31-AM Package),RDS-31 iTX and variants (incl. RSD31-AM Package),No fix (EOL)
Telemetry Enabled Devices - DRM-1/2 and variants (incl. Solar PWR Package),DRM-1/2 and variants (incl. Solar PWR Package),No fix (EOL)
Telemetry Enabled Devices - DRM and RDS Based Boundary Monitors,DRM and RDS Based Boundary Monitors,No fix (EOL)
Telemetry Enabled Devices - External Transmitters,External Transmitters,No fix (EOL)
Telemetry Enabled Devices - Telepole II, andTelepole II, andNo fix (EOL)
Telemetry Enabled Devices - MESH RepeaterMESH RepeaterNo fix (EOL)
Telemetry Enabled Devices - DMC 3000 Transmitter Module,DMC 3000 Transmitter Module,No fix (EOL)
Remediation & Mitigation
0/4
Do now
0/3HARDENINGIsolate telemetry devices on a separate network segment with strict firewall rules limiting communication to authorized receiving stations only
HARDENINGImplement network encryption (TLS/SSL VPN or wireless encryption) for all telemetry transmissions between devices and receivers
HARDENINGDocument all affected telemetry devices and their network connections to support vulnerability tracking and compensating controls
Schedule — requires maintenance window
0/1Patching may require device reboot — plan for process interruption
HARDENINGMonitor telemetry traffic for anomalies such as unexpected data values, transmission source changes, or communication pattern deviations
CVEs (2)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/4e677be9-1455-47e2-abf4-a8b57abbb078