OTPulse

ControlByWeb X-320M

Plan Patch · 7.6 · ICS-CERT ICSA-19-017-03 · Jan 17, 2019
Attack Vector: Network
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary

ControlByWeb X-320M network relay device versions 1.05 and prior contain authentication and input validation flaws (CWE-287, CWE-79) that allow an authenticated attacker to execute arbitrary code. Successful exploitation could compromise control of remote switches and power outlets and may require physical factory reset to restore normal operation.

What this means
What could happen
An attacker with network access and valid credentials could execute arbitrary code on the X-320M device, potentially altering remote switch or sensor control operations and requiring a factory reset to recover.
Who's at risk
Water utilities, electric utilities, and HVAC operators who manage remote switches and power outlets via ControlByWeb X-320M network relay devices should prioritize patching and network isolation of these devices.
How it could be exploited
An attacker with network access to the X-320M and valid credentials exploits an authentication bypass or input validation flaw to upload and execute arbitrary code on the device, compromising control of remote switches, sensors, or power outlets managed by the device.
Prerequisites
  • Network access to X-320M on port 80 or 8080 (HTTP management interface)
  • Valid administrative credentials or ability to bypass authentication
  • X-320M firmware v1.05 or earlier
remotely exploitable · requires valid credentials · no authentication bypass confirmed but CWE-287 suggests weak auth · arbitrary code execution possible · low complexity attack · requires factory reset to recover
Exploitability
Low exploit probability (EPSS 0.4%)
Affected products (1)
Product | Affected Versions | Fix Status
X-320M-I firmware: revision v1.05 and prior | ≤ 1.05 | 1.06
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to X-320M management interface using firewall rules; allow only from trusted engineering workstations or management networks
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update X-320M firmware to version 1.06 or later from https://www.controlbyweb.com/firmware/X320M_V1.06_firmware.zip
Long-term hardening
HARDENING: Place X-320M on isolated OT network segment behind firewall, not accessible from corporate network or internet
HARDENING: If remote access is required, use VPN with strong authentication and encryption; ensure VPN is kept current with vendor security updates
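An added example, not part of the advisory or any vendor material: a triage check that lists devices still below firmware 1.06 and flags flows reaching the management ports (80, 8080) from outside the trusted management network. The inventory, flow records, addresses, trusted subnet and the `src dst port` record format are all constructed assumptions; the version parser assumes revisions of the form `v1.05`.

```python
import ipaddress

# Values from the advisory: fixed firmware release and HTTP management ports.
FIXED_VERSION = (1, 6)
MGMT_PORTS = {80, 8080}

# Assumption: site-specific trusted management network (constructed).
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/28")]

# Constructed inventory: device IP -> firmware revision from asset records.
INVENTORY = {
    "10.50.1.11": "v1.05",
    "10.50.1.12": "1.06",
    "10.50.1.13": "v1.04",
}

# Constructed flow records, one "src_ip dst_ip dst_port" per line.
FLOWS = """\
10.20.0.5 10.50.1.11 80
192.168.40.77 10.50.1.11 8080
10.20.0.9 10.50.1.12 80
172.16.3.2 10.50.1.13 80
192.168.40.77 10.50.1.12 443
"""

def parse_version(text):
    """Turn 'v1.05' into (1, 5) so revisions compare numerically."""
    return tuple(int(part) for part in text.lower().lstrip("v").split("."))

def needs_patch(inventory):
    """Return device IPs running a revision older than the fixed release."""
    return sorted(ip for ip, ver in inventory.items()
                  if parse_version(ver) < FIXED_VERSION)

def untrusted_mgmt_flows(flows, inventory, trusted=TRUSTED_NETS):
    """Return (src, dst, port) for management-port flows from outside trusted nets."""
    hits = []
    for line in flows.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue  # skip malformed records
        src, dst, port = fields[0], fields[1], int(fields[2])
        if dst not in inventory or port not in MGMT_PORTS:
            continue  # not a tracked device or not a management port
        if not any(ipaddress.ip_address(src) in net for net in trusted):
            hits.append((src, dst, port))
    return hits
```

Any flow this reports means the firewall workaround is not yet effective for that device, whether or not the device has been patched.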