Kunbus PR100088 Modbus Gateway (Update B)

Plan PatchCVSS 10ICS-CERT ICSA-19-036-05Feb 5, 2019

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

The Kunbus PR100088 Modbus gateway contains multiple input validation and authentication bypass vulnerabilities (CWE-287, CWE-306, CWE-20, CWE-598, CWE-312) that allow remote code execution and denial-of-service. An attacker can send crafted Modbus TCP packets to the gateway without credentials or special setup to achieve these impacts. The gateway is typically deployed in industrial networks to bridge supervisory systems to field equipment over Modbus TCP. Kunbus states these devices are designed for protected industrial networks, not Internet-facing deployment. A patch is available for Version R03 or later.

What this means

What could happen

An attacker with network access to the gateway could run arbitrary commands on the device or crash it, disrupting Modbus communication between your industrial network and connected equipment. This could stop real-time control of pumps, motors, valves, or other field devices.

Who's at risk

Water utilities, municipalities, and industrial plants that use the Kunbus PR100088 Modbus gateway to link supervisory control systems or HMIs to field devices (pumps, motors, valves, PLCs) over Modbus TCP. This gateway is often deployed at the edge of industrial networks and directly controls real-time operations.

How it could be exploited

An attacker on the network sends a malformed Modbus TCP request to the gateway's exposed port 502. The gateway fails to validate input or enforce authentication, allowing the attacker to inject code or send commands that crash the service. No valid credentials or special configuration is required.

Prerequisites

Network access to the PR100088 gateway (typically port 502 for Modbus TCP)
Device is reachable from an untrusted network segment or the Internet

remotely exploitableno authentication requiredlow complexity attackaffects real-time control of industrial devicesno patch available for older hardware versions (only firmware update available)

Exploitability

Unlikely to be exploited — EPSS score 0.3%

Affected products (1)

ProductAffected VersionsFix Status

PR100088 Modbus gateway: All< R02 (or Software Version 1.1.13166)R03

Remediation & Mitigation

0/5

Do now

0/2

HARDENINGIsolate the PR100088 gateway behind a firewall; restrict inbound access to port 502 from authorized industrial network segments only

HARDENINGVerify the device is not reachable from the Internet or any untrusted network

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate PR100088 Modbus gateway to firmware Version R03 or later

Long-term hardening

0/2

HARDENINGSegment the industrial network containing this gateway from the business network

HARDENINGIf remote access to the gateway is required, use a VPN with strong authentication and keep VPN software fully patched

CVEs (5)

CVE-2019-6527 CVE-2019-6533 CVE-2019-6529 CVE-2019-6531 CVE-2019-6549

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/45c88224-51a7-4ba7-993f-f7719d098183

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.