Korenix JetNet

Act Now9.8ICS-CERT ICSA-17-299-01Oct 26, 2017

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Korenix JetNet industrial managed switches contain hardcoded credentials and weak cryptographic key storage (CWE-321, CWE-798). The vulnerabilities affect multiple JetNet switch models running firmware versions 1.1 through 1.4a. These switches are used as network infrastructure in operational technology environments including power systems, water/wastewater treatment, and process automation.

What this means

What could happen

An attacker with network access could use hardcoded credentials to log into JetNet switches and change network configuration, disable ports, or intercept traffic. This could disrupt communication between control systems and field devices, affecting critical process operations.

Who's at risk

This affects operators of water treatment facilities, wastewater systems, electric utilities, and process automation plants that use Korenix JetNet managed switches as network infrastructure for SCADA networks, remote terminal units (RTUs), and programmable logic controller (PLC) communication.

How it could be exploited

An attacker on the network sends login requests to the JetNet switch management interface using hardcoded default credentials embedded in the firmware. Once authenticated, the attacker can access the switch configuration, modify routing rules, create port mirroring to intercept traffic, or disable specific network ports to isolate PLCs or sensors from control logic.

Prerequisites

Network access to JetNet switch management interface (typically port 80 HTTP or 443 HTTPS)
Knowledge of hardcoded username and password from firmware analysis

Remotely exploitableNo authentication required (hardcoded credentials)Low complexity to exploitNo patch available from vendorAffects critical network infrastructure

Exploitability

Low exploit probability (EPSS 0.2%)

Affected products (9)

9 EOL

ProductAffected VersionsFix Status

JetNet5728G-24P:1.4No fix (EOL)

JetNet5628G:1.4No fix (EOL)

JetNet5628G-R:1.4No fix (EOL)

JetNet5428G-2G-2FX:1.4No fix (EOL)

JetNet5018G:1.4No fix (EOL)

JetNet6710G-HVDC version: 1.1e1.1eNo fix (EOL)

JetNet5828G:1.1dNo fix (EOL)

JetNet6710G:1.1No fix (EOL)

Remediation & Mitigation

0/5

Do now

0/3

HARDENINGIsolate JetNet switches from untrusted networks using network segmentation and firewalls; restrict access to management interfaces to authorized engineering workstations only

WORKAROUNDDisable remote management access (HTTP/HTTPS) on JetNet switches if not required for operations; enable management only through serial console or physically isolated in-band access

HARDENINGImplement network access control (ACLs) on upstream switches to block unauthorized users from reaching JetNet switch management ports

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HARDENINGMonitor JetNet switch logs and network traffic for unauthorized login attempts or configuration changes

Long-term hardening

0/1

HOTFIXContact Korenix vendor for firmware updates when available; replace affected switches with newer firmware versions or alternative switch models that are patched

CVEs (2)

CVE-2017-14021 CVE-2017-14027

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/59618248-0909-42bc-a837-78710650a583