OTPulse

Hetronic Nova-M

Plan Patch | CVSS 7.6 | ICS-CERT ICSA-19-003-03 | Jan 3, 2019
Attack Vector: Adjacent
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

Hetronic Nova-M wireless remote control systems are vulnerable to command replay attacks. An attacker within radio range can capture and retransmit control commands to lift or lower connected equipment without needing the original transmitter. The vulnerability affects the Nova-M transmitter and receivers (BMS-HL, ES-CAN-HL, MLC, DC Mobile). Successful exploitation allows unauthorized users to view commands, replay commands, control the device, or stop the device from running. All versions prior to the patched firmware versions are affected. No known public exploits currently exist for this vulnerability.

What this means
What could happen
An attacker within radio range could replay previously captured commands to control or stop wireless remote operation of Hetronic lifting equipment, potentially causing equipment to move unexpectedly or halt during critical operations.
Who's at risk
This affects any organization using Hetronic Nova-M wireless remote control systems for lifting and material handling operations, including construction, port operations, warehousing, and heavy equipment management. Anyone operating equipment controlled by these wireless transmitters and receivers should prioritize this fix.
How it could be exploited
An attacker within radio range captures wireless command transmissions from Hetronic Nova-M transmitters, then replays those captured commands to receivers on the same frequency. Since the system lacks proper authentication, the replayed commands are accepted as legitimate, allowing the attacker to control connected equipment without needing the original transmitter.
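Why a recorded frame keeps working and what a receiver needs in order to reject it, as an added example that is not Hetronic's protocol or its firmware fix: the frame layout, key, and class names are assumptions constructed for illustration. It shows that authenticating a frame is not enough on its own; the receiver must also check freshness.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-pairing-key"   # hypothetical shared key, constructed for the demo
TAG_LEN = 8                        # truncated HMAC-SHA256 tag (assumed frame layout)

def make_frame(counter, command, key=KEY):
    """Transmitter: 4-byte big-endian counter || command || truncated HMAC."""
    body = struct.pack(">I", counter) + command
    return body + hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]

def mac_ok(frame, key=KEY):
    """True if the trailing tag matches the frame body."""
    if len(frame) <= 4 + TAG_LEN:
        return False
    body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]
    return hmac.compare_digest(tag, expected)

class MacOnlyReceiver:
    """Authenticates frames but keeps no state, so a recorded frame stays valid."""
    def accept(self, frame):
        return mac_ok(frame)

class FreshnessReceiver:
    """Authenticates frames and requires a strictly increasing counter."""
    def __init__(self):
        self.last_counter = -1

    def accept(self, frame):
        if not mac_ok(frame):
            return False
        counter = struct.unpack(">I", frame[:4])[0]
        if counter <= self.last_counter:
            return False            # stale or repeated frame: replay rejected
        self.last_counter = counter
        return True

def demo():
    """Deliver one constructed frame twice to each receiver; the second is the replay."""
    frame = make_frame(1, b"LIFT")
    results = {}
    for rx in (MacOnlyReceiver(), FreshnessReceiver()):
        results[type(rx).__name__] = (rx.accept(frame), rx.accept(frame))
    return results

if __name__ == "__main__":
    print(demo())
```

A fielded design also has to persist the counter across power cycles and define how a transmitter and receiver resynchronize, which this sketch leaves out.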
Prerequisites
  • Radio range to the affected Hetronic receiver (AV:A - adjacent network)
  • Line-of-sight or near line-of-sight to operating transmitter to capture commands
  • No credentials required
remotely exploitable (radio-based) · no authentication required · low complexity · command replay enables full device control · affects safety-critical lifting operations
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (5)
5 with fix
Product          Affected Versions          Fix Status
Nova-M: all      < r161                     r161
ES-CAN-HL: all   < Main r1864 Estop v24     Main r1864, Estop_v24
BMS-HL: all      < Main r1175 Estop v24     Main r1175, Estop_v24
MLC: all         < Main r1600 Estop v24     Main r1600, Estop_v24
DC Mobile: all   < Main r515 Estop v24      Main r515, Estop_v24
Remediation & Mitigation
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update Nova-M transmitter firmware to r161 or later
HOTFIX: Update ES-CAN-HL receiver firmware to Main r1864, Estop_v24 or later
HOTFIX: Update BMS-HL receiver firmware to Main r1175, Estop_v24 or later
HOTFIX: Update MLC receiver firmware to Main r1600, Estop_v24 or later
HOTFIX: Update DC Mobile receiver firmware to Main r515, Estop_v24 or later
Long-term hardening
HARDENING: Restrict radio frequency usage to designated, controlled zones and consider physical barriers to reduce unintended radio range