ICSA-17-236-01: Westermo MRD-305-DIN, MRD-315, MRD-355, and MRD-455
Act Now | CVSS 10 | ICS-CERT ICSA-17-236-01 | Aug 24, 2017
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Westermo MRD-series industrial Ethernet switches (MRD-305-DIN, MRD-315, MRD-355, MRD-455) contain multiple critical vulnerabilities in their web management interface. The devices use hardcoded credentials and are vulnerable to Cross-Site Request Forgery (CSRF) attacks, allowing unauthenticated network attackers to gain complete control. The affected firmware versions are above 1.7.5.0. No security update has been released by Westermo. These vulnerabilities allow an attacker to authenticate to the management interface without valid credentials and execute arbitrary commands on the switch, potentially compromising all network traffic passing through the device.
What this means
What could happen
An attacker with network access could gain complete control of these industrial network switches without needing credentials, allowing them to intercept, modify, or block all traffic passing through the device and disrupt communications between plant control systems.
Who's at risk
This affects operators of water systems, utilities, manufacturing, and other critical infrastructure that rely on Westermo MRD-305-DIN, MRD-315, MRD-355, or MRD-455 industrial managed switches for network communication. These devices are commonly deployed in DIN-rail control cabinets to connect PLCs, RTUs, and SCADA systems.
How it could be exploited
An attacker sends specially crafted network packets to the exposed management interface (likely port 80 or 443). The switch contains hardcoded credentials and does not properly validate requests, allowing the attacker to authenticate and execute arbitrary commands on the device from any networked location.
Prerequisites
- Network access to the Westermo MRD device management interface
- No valid credentials required; the hardcoded credentials or the CSRF bypass allow unauthorized access
- Device firmware version above 1.7.5.0
- Remotely exploitable
- No authentication required
- Low complexity attack
- No patch available
- CVSS 10 critical severity
- Affects industrial network infrastructure
- Hardcoded credentials vulnerability
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (2)
2 EOL
Product | Affected Versions | Fix Status
MRD-305-DIN | > 1.7.5.0 | No fix (EOL)
MRD-315, MRD-355, MRD-455 | > 1.7.5.0 | No fix (EOL)
Remediation & Mitigation
Do now
- WORKAROUND: If available, downgrade firmware to version 1.7.5.0 or earlier as a temporary measure until Westermo issues a patch
- HARDENING: Implement network segmentation to restrict direct access to the MRD device management interface from untrusted networks and non-engineering personnel
- HARDENING: Deploy firewall rules to limit inbound connections to management ports (80, 443, likely others) to authorized engineering workstations only
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HARDENING: Monitor network traffic to the affected devices for unusual access patterns or command execution
- HARDENING: Contact Westermo to confirm end-of-life status and request timeline for security patches