Entes EMG 12

Act Now9.8ICS-CERT ICSA-18-275-03Oct 2, 2018

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

The Entes EMG12 Ethernet Modbus Gateway (firmware version 2.57 and earlier) contains authentication and access control vulnerabilities (CWE-287, CWE-598) that allow unauthenticated remote attackers to gain unauthorized access and modify device configuration or settings. The vulnerabilities exist in the device's handling of Ethernet-based requests and credential validation. An attacker who can reach the device on the network can exploit these flaws without valid credentials or user interaction. Successfully exploited, these vulnerabilities could allow an attacker to alter Modbus gateway settings, reroute communications, or disable critical control functions.

What this means

What could happen

An attacker could gain unauthorized access to the EMG12 gateway and change its configuration or settings, potentially altering Modbus communication routes, disabling monitoring, or redirecting control commands to affect connected field devices.

Who's at risk

Water treatment plants, municipal electric utilities, and any industrial facility using Modbus-based control networks should prioritize this issue. The EMG12 is a gateway between modern Ethernet networks and legacy Modbus field devices (sensors, motors, pumps); unauthorized configuration changes could disrupt process automation or blind operators to equipment status.

How it could be exploited

An attacker on the network sends unauthenticated requests to the EMG12 Ethernet interface (default port 502 or management port). The device lacks proper authentication checks, allowing the attacker to issue commands that modify gateway settings or extract configuration data.

Prerequisites

Network access to the EMG12 device (Ethernet port 502 or management interface)
No valid credentials required
Device must be reachable from attacker's network segment

remotely exploitableno authentication requiredlow complexityhigh EPSS score (>10%)no patch availableaffects Modbus communication integrity

Exploitability

High exploit probability (EPSS 24.2%)

Affected products (1)

ProductAffected VersionsFix Status

EMG12 Ethernet Modbus Gateway: Firmware≤ 2.57No fix (EOL)

Remediation & Mitigation

0/4

Do now

0/2

HARDENINGIsolate the EMG12 device on a separate control network behind a firewall; restrict inbound traffic to only authorized engineering and master stations

WORKAROUNDDisable remote access to the EMG12 unless absolutely required; if remote access is needed, implement a VPN with strong authentication and encryption, keeping VPN firmware updated

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXContact Entes technical support (tel: +90-216-313-0110 or teknikdestek@entes.com.tr) to request and schedule a firmware update to a version newer than 2.57

Mitigations - no patch available

0/1

EMG12 Ethernet Modbus Gateway: Firmware has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:

HARDENINGImplement network monitoring and access logging for all connections to the EMG12 to detect unauthorized configuration changes

CVEs (2)

CVE-2018-14826 CVE-2018-14822

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/c2aaecb0-506a-4c90-a194-a5a9d355e927