OTPulse
FeedAboutContact

Systech NDS-5000 Terminal Server

Monitor6.8ICS-CERT ICSA-20-079-01Mar 19, 2020
Attack VectorNetwork
Auth RequiredHigh
ComplexityLow
User InteractionRequired
Summary

NDS-5000 Terminal Server contains a vulnerability (CWE-79) that could allow information disclosure, limit system availability, and may allow remote code execution. The issue affects NDS/5008 8-port models running firmware version 02D.30 or earlier.

What this means
What could happen
An attacker with high privileges could disclose sensitive information from the terminal server, disrupt its availability, or potentially execute arbitrary commands that could affect connected industrial devices and communications.
Who's at risk
Water utilities, electric utilities, and other industrial facilities using Systech NDS-5000 terminal servers (especially 8-port RJ45 models) for console management and device communications should prioritize this vulnerability, as terminal servers are critical for managing and monitoring industrial control systems.
How it could be exploited
An attacker with high-privilege access (e.g., administrative credentials) could exploit this vulnerability through a web interface interaction, potentially leading to information disclosure or code execution on the terminal server, which could then be used to pivot to connected control systems or communication networks.
Prerequisites
  • Administrative or high-privilege credentials on the NDS-5000 terminal server
  • Network access to the web management interface
  • User interaction (administrator clicking a malicious link or accepting a social engineering prompt)
requires high-privilege credentialsuser interaction requiredlow attack complexitypotential for remote code executionaffects critical communication infrastructure
Exploitability
Low exploit probability (EPSS 0.5%)
Affected products (1)
ProductAffected VersionsFix Status
NDS-5000 Terminal Server NDS/5008 (8 Port RJ45): firmware02D.30firmware 02F.6 or later
Remediation & Mitigation
0/3
Do now
0/2
HARDENINGRestrict administrative access to the NDS-5000 management interface using network segmentation and firewall rules; limit who can reach the web management interface
HARDENINGTrain staff to recognize and avoid social engineering attacks, phishing emails, and suspicious web links
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate NDS-5000 firmware to version 02F.6 or later
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/5030021e-29f4-4d99-bae9-3f07f67d9e9d
Systech NDS-5000 Terminal Server | CVSS 6.8 - OTPulse