GAIN Electronic Co. Ltd SAGA1-L Series

Plan Patch8.3ICS-CERT ICSA-18-296-02Oct 23, 2018

Attack VectorAdjacent

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

GAIN Electronic SAGA1-L Series SAGA1-L8B controller contains authentication and access control vulnerabilities (CWE-294, CWE-284, CWE-287) that could allow remote code execution and firmware deletion. Firmware versions prior to A0.10 are affected. Successful exploitation could allow an attacker to alter process logic, stop operations, or corrupt the device firmware. No public exploits are currently known.

What this means

What could happen

An attacker with access to the SAGA1-L8B controller could execute arbitrary code on the device, potentially altering process logic, stopping operations, or corrupting the firmware permanently.

Who's at risk

Manufacturing facilities, water treatment plants, and utility operators using GAIN Electronic SAGA1-L8B series programmable logic controllers (PLCs) and industrial automation equipment should review this advisory, particularly those with devices directly accessible from maintenance networks or with shared facility access.

How it could be exploited

An attacker with local network or physical access to the SAGA1-L8B could send a specially crafted command or malicious input to trigger code execution. The vulnerability requires no authentication, allowing direct exploitation once the device is reachable.

Prerequisites

Local or adjacent network access to the SAGA1-L8B device
Physical access to the device location (for some attack vectors)
No valid credentials required

No authentication requiredLow complexity attackAffects industrial control logicPhysical security bypass potentialCode execution and firmware deletion capability

Exploitability

Low exploit probability (EPSS 0.5%)

Affected products (1)

ProductAffected VersionsFix Status

SAGA1-L8B: all< A0.10A0.10

Remediation & Mitigation

0/4

Do now

0/2

HARDENINGEnsure the SAGA1-L8B is installed in a physically secure area with access controls to prevent unauthorized physical interaction

HARDENINGRestrict network access to the SAGA1-L8B to only authorized devices and workstations; use a firewall to limit inbound connections

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate SAGA1-L8B firmware to version A0.10 or later

Long-term hardening

0/1

HARDENINGImplement network segmentation to isolate the SAGA1-L8B from corporate IT networks and untrusted zones

CVEs (3)

CVE-2018-17903 CVE-2018-17921 CVE-2018-17923

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/f8309c64-857a-4596-9845-f0716089ebc5