OTPulse

ENTTEC Lighting Controllers

CVSS 7.5 · ICS-CERT ICSA-19-085-03 · Mar 26, 2019
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

ENTTEC Storm 24, Pixelator, and Datagate MK2 lighting controllers are vulnerable to unauthenticated remote reboot attacks. An attacker on the network can send a specially crafted request that crashes the device, forcing a reboot. By repeating this attack, an attacker can create a continuous denial of service, preventing legitimate lighting commands from being executed. The vulnerability exists in firmware versions prior to the March 2019 revB releases (firmware versions 70050_update_05032019-482 for Storm 24, 70060_update_05032019-482 for Pixelator, and 70044_update_05032019-482 for Datagate MK2). Affected devices are control systems used for DMX lighting and addressable LED pixel control in theaters, broadcast facilities, venues, and event spaces.

What this means
What could happen
An attacker can remotely reboot these lighting control devices without authentication, causing repeated outages that disable DMX lighting or LED pixel control systems and prevent legitimate operator commands from being executed.
Who's at risk
Venues, theater productions, concerts, and broadcast facilities that rely on ENTTEC lighting controllers (Storm 24, Pixelator, Datagate MK2) for stage lighting, LED displays, or DMX control. Any facility where repeated loss of lighting control would disrupt operations or safety (emergency lighting).
How it could be exploited
An attacker on the network sends a crafted request to the device's network interface (no authentication required). The device crashes and reboots, creating a denial of service. By repeating this, an attacker can keep the lighting system offline indefinitely.
Prerequisites
  • Network access to the device's network port (likely Ethernet/DMX)
  • No credentials required
  • Device must be reachable from attacker's network position
Tags: Remotely exploitable · No authentication required · Low complexity attack · Affects entertainment and broadcast operations · Default/network-exposed configuration risk
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (3)
3 with fix
Product: affected versions (fixed version)
Storm 24: all firmware prior to 70050_update_05032019-482 (fixed in 70050_update_05032019-482)
Datagate MK2: all firmware prior to 70044_update_05032019-482 (fixed in 70044_update_05032019-482)
Pixelator: all firmware prior to 70060_update_05032019-482 (fixed in 70060_update_05032019-482)
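The affected/fixed boundary above is a firmware string comparison, and it is easy to get wrong by hand when the version looks like `70050_update_05032019-482`. The following is an added example (not code from OTPulse or ENTTEC) that parses those strings, compares an inventory entry against the fixed build for its product, and flags anything it cannot parse or match as "unknown" rather than silently passing it. The layout `<model>_update_<DDMMYYYY>-<build>` with the day first is an assumption inferred from the advisory calling these the March 2019 releases; the hostnames and the inventory are constructed.

```python
import re
from datetime import datetime

# Fixed firmware builds as listed in the advisory (March 2019 revB releases).
FIXED_FIRMWARE = {
    "Storm 24": "70050_update_05032019-482",
    "Pixelator": "70060_update_05032019-482",
    "Datagate MK2": "70044_update_05032019-482",
}

# Assumed layout of the version string: <model>_update_<DDMMYYYY>-<build>.
# Day-first dating is an assumption taken from "March 2019" in the advisory.
_VERSION_RE = re.compile(r"^(?P<model>\d{5})_update_(?P<date>\d{8})-(?P<build>\d+)$")


def parse_firmware(version):
    """Return (model_code, release_date, build_number) or raise ValueError."""
    m = _VERSION_RE.match(version.strip())
    if m is None:
        raise ValueError(f"unrecognised firmware string: {version!r}")
    release = datetime.strptime(m.group("date"), "%d%m%Y").date()
    return m.group("model"), release, int(m.group("build"))


def is_vulnerable(product, version):
    """True when `version` predates the fixed build for `product`.

    Ordering is by (release date, build number), so a build from the same
    day with a lower build number is still treated as affected.
    """
    model, release, build = parse_firmware(version)
    fixed_model, fixed_release, fixed_build = parse_firmware(FIXED_FIRMWARE[product])
    if model != fixed_model:
        # A 70060 image on a Storm 24 entry means the inventory is wrong, not patched.
        raise ValueError(f"{version!r} is not {product} firmware (expected model {fixed_model})")
    return (release, build) < (fixed_release, fixed_build)


def audit(inventory):
    """Classify each entry as 'vulnerable', 'patched' or 'unknown'.

    `inventory` is a list of dicts with keys host, product and firmware.
    Unparseable or mismatched entries become 'unknown' so they get a manual
    look instead of being counted as safe.
    """
    results = {}
    for entry in inventory:
        host, product = entry["host"], entry["product"]
        if product not in FIXED_FIRMWARE:
            results[host] = "unknown"
            continue
        try:
            results[host] = "vulnerable" if is_vulnerable(product, entry["firmware"]) else "patched"
        except ValueError:
            results[host] = "unknown"
    return results


# Constructed sample inventory; hostnames and version strings are made up.
SAMPLE_INVENTORY = [
    {"host": "storm-stage-left", "product": "Storm 24", "firmware": "70050_update_05032019-482"},
    {"host": "storm-stage-right", "product": "Storm 24", "firmware": "70050_update_05032019-470"},
    {"host": "pixelator-foh", "product": "Pixelator", "firmware": "70060_update_12112018-410"},
    {"host": "datagate-rack3", "product": "Datagate MK2", "firmware": "70044_update_05032019-482"},
    {"host": "pixelator-lobby", "product": "Pixelator", "firmware": "2.1.0"},
    {"host": "mystery-box", "product": "Storm 24", "firmware": "70060_update_05032019-482"},
]

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{host:20s} {status}")
```

Treating the comparison as a (date, build) tuple rather than a plain string compare is the point: a string compare would rank `...-482` against `...-1000` lexically and get it wrong once build numbers grow a digit.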
Remediation & Mitigation
Do now
Workaround: Firewall these devices: block all inbound network access except from authorized control stations (lighting boards, engineering workstations)
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

Hotfix: Upgrade Storm 24 firmware to 70050_update_05032019-482 or later
Hotfix: Upgrade Pixelator firmware to 70060_update_05032019-482 or later
Hotfix: Upgrade Datagate MK2 firmware to 70044_update_05032019-482 or later
Long-term hardening
Hardening: Segment lighting control network from business network with a firewall or air gap
Hardening: Use VPN for remote access to lighting control systems instead of direct Internet exposure
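The workaround and the segmentation step both come down to one rule: only the authorized control stations may open connections to the controllers. Until that rule is enforced at the firewall, the same allow-list can be checked against flow records to see who is actually reaching the lighting VLAN. The following is an added example (not OTPulse or ENTTEC code) that applies such an allow-list to flow log lines; the addressing plan (controllers in 10.20.0.0/24, two authorized stations in 10.10.0.0/24), the `timestamp src dst proto dport` record format, and the sample lines are all constructed, and the choice to ignore controller-to-controller traffic is an assumption.

```python
import ipaddress

# Assumed addressing plan (not from the advisory): the controllers sit in their
# own VLAN and only two control stations are allowed to talk to them.
CONTROLLER_NET = ipaddress.ip_network("10.20.0.0/24")
AUTHORIZED_STATIONS = {
    ipaddress.ip_address("10.10.0.10"),  # lighting console
    ipaddress.ip_address("10.10.0.11"),  # engineering workstation
}

# Constructed flow records: "<timestamp> <src> <dst> <proto> <dport>".
SAMPLE_FLOWS = """\
2019-03-26T10:00:01Z 10.10.0.10 10.20.0.5 udp 6454
2019-03-26T10:00:02Z 10.30.1.44 10.20.0.5 tcp 80
2019-03-26T10:00:02Z 10.30.1.44 10.20.0.5 tcp 80
2019-03-26T10:00:03Z 10.10.0.11 10.20.0.7 tcp 22
2019-03-26T10:00:04Z 10.20.0.5 10.10.0.10 udp 6454
2019-03-26T10:00:05Z 192.0.2.77 10.20.0.9 tcp 80
2019-03-26T10:00:06Z 10.20.0.5 10.20.0.7 udp 6454
2019-03-26T10:00:07Z not a flow line
"""


def parse_flow(line):
    """Parse one record into a dict, or return None for lines that do not fit."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        return {
            "ts": parts[0],
            "src": ipaddress.ip_address(parts[1]),
            "dst": ipaddress.ip_address(parts[2]),
            "proto": parts[3],
            "dport": int(parts[4]),
        }
    except ValueError:
        return None


def unauthorized_inbound(flow_text):
    """Return flows into the controller VLAN from hosts outside the allow-list.

    Traffic originating inside the controller VLAN is ignored on the
    assumption that controller-to-controller traffic is expected.
    """
    findings = []
    for line in flow_text.splitlines():
        flow = parse_flow(line)
        if flow is None:
            continue
        if flow["dst"] not in CONTROLLER_NET:
            continue
        if flow["src"] in AUTHORIZED_STATIONS or flow["src"] in CONTROLLER_NET:
            continue
        findings.append(flow)
    return findings


def summarize(findings):
    """Count findings per (src, dst) pair so a repeating source stands out."""
    counts = {}
    for flow in findings:
        key = (str(flow["src"]), str(flow["dst"]))
        counts[key] = counts.get(key, 0) + 1
    return counts


if __name__ == "__main__":
    for (src, dst), n in sorted(summarize(unauthorized_inbound(SAMPLE_FLOWS)).items()):
        print(f"{src:>14} -> {dst:<12} {n} flow(s) not on allow-list")
```

The check is by destination address rather than port because the advisory does not identify the listening service; once the firewall rule from the workaround is in place, any remaining hits here indicate a path around that rule.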
API: /api/v1/advisories/d719da91-51f0-49aa-ada8-87158bd7254a