Crestron TSW-X60 and MC3
Act Now · CVSS 9.8 · ICS-CERT ICSA-18-221-01 · Aug 9, 2018
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Crestron TSW-X60 touchpanels and MC3 processors contain multiple vulnerabilities (CWE-78 command injection, CWE-284 improper access control, CWE-522 insufficient credential protection) that allow remote code execution with system privileges. The TSW-X60 is affected in all versions before 2.001.0037.001; the MC3 is affected in all versions before 1.502.0047.001. Successful exploitation allows an unauthenticated attacker to execute arbitrary commands on the device remotely.
What this means
What could happen
An attacker with network access could remotely execute arbitrary commands on Crestron touchpanels and processors with high privileges, potentially allowing control of audio/video systems, room automation, and connected building management infrastructure without authentication.
Who's at risk
Organizations using Crestron TSW-X60 touchpanels and MC3 processors for conference room control, building automation, or audio/video system management. This includes corporate offices, hotels, hospitals, and any facility managing rooms or systems through Crestron control processors.
How it could be exploited
An attacker on the network sends a specially crafted network request to the vulnerable device. The device processes the request without proper input validation or authentication checks, allowing the attacker to execute arbitrary system commands with elevated privileges.
Prerequisites
- Network access to the Crestron device on its management or control interface
- Device must be reachable from the attacker's network segment (no authentication required)
- Remotely exploitable over network
- No authentication required
- Low attack complexity
- No patch available for TSW-X60 or MC3 from vendor
- High CVSS severity (9.8)
Exploitability
Moderate exploit probability (EPSS 7.4%)
Affected products (2), 2 with fix
Product | Affected Versions | Fix Status
MC3 | all < 1.502.0047.001 | 1.502.0047.001
TSW-X60 | all < 2.001.0037.001 | 2.001.0040.01
Remediation & Mitigation
Do now
- HARDENING: Isolate the Crestron control system network behind a firewall, separate from business and guest networks
- HARDENING: Block direct internet access to Crestron devices; require VPN for remote management
Schedule — requires maintenance window
Patching may require a device reboot — plan for process interruption
- HOTFIX: Upgrade TSW-X60 firmware to version 2.001.0040.01 or later
- HOTFIX: Upgrade MC3 firmware to version 1.502.0047.001 or later
- HARDENING: Review Crestron Article #5571 for hardening guidance and Article #5471 for vulnerability details