ENTTEC Lighting Controllers (Update A)

Plan PatchCVSS 8.8ICS-CERT ICSA-20-177-01Jun 25, 2020

Attack path

Attack VectorNetwork

Auth RequiredLow

ComplexityLow

User InteractionNone needed

Summary

ENTTEC lighting controllers contain multiple vulnerabilities (CWE-321, CWE-79, CWE-284, CWE-732) that allow authorized users to escape privilege boundaries, inject malicious code, and execute arbitrary commands with root privileges via SSH/SCP access. Affected devices include Datagate Mk2, E-Streamer Mk2, Pixelator, and Storm 24 with firmware versions up to 70044_update_05032019-482. Successful exploitation enables full system compromise including reading, writing, and executing files in system directories.

What this means

What could happen

An attacker with login credentials could gain SSH/SCP access to lighting controllers and execute arbitrary commands with root privileges, potentially disrupting stage lighting, venue automation, and integrated building control systems.

Who's at risk

Venues, theaters, concert halls, broadcast facilities, and events production systems using ENTTEC lighting control hardware. The Datagate Mk2, Storm 24, and Pixelator are active products requiring firmware updates. The E-Streamer Mk2 is end-of-life and no longer supported.

How it could be exploited

An attacker with valid user credentials exploits weak access controls (CWE-284, CWE-732) to gain SSH/SCP access to the device. Once authenticated, the attacker can inject malicious code and execute commands with root privileges to read, write, or modify system files and device behavior.

Prerequisites

Valid user credentials for SSH/SCP login
Network access to the device on SSH port (typically 22)
Device must be reachable from the attacker's network or accessible via exposed management interface

remotely exploitable (requires network access and credentials)authentication required (valid SSH credentials)low complexity attackaffects automation and control systemsno fix available for E-Streamer Mk2 (end-of-life)weak access controls and permission misconfigurations

Exploitability

Some exploitation risk — EPSS score 1.0%

Affected products (4)

3 with fix1 EOL

ProductAffected VersionsFix Status

Datagate Mk2: firmware≤ 70044 update 05032019-482RevB (June 2020) or newer

E-Streamer Mk2 (End of Life): firmware≤ 70044 update 05032019-482No fix (EOL)

Storm 24: firmware≤ 70044 update 05032019-482RevB (June 2020) or newer

Pixelator: firmware≤ 70044 update 05032019-482RevB (June 2020) or newer

Remediation & Mitigation

0/6

Do now

0/2

WORKAROUNDPlace all lighting controller devices behind firewalls and restrict network access to management ports from engineering workstations only

HARDENINGEnsure devices are not directly accessible from the Internet; use firewall rules to block inbound access

Schedule — requires maintenance window

0/3

Patching may require device reboot — plan for process interruption

HOTFIXUpdate Datagate Mk2, Storm 24, and Pixelator devices to RevB (June 2020) firmware or newer

HARDENINGLock device front panel menu after firmware update to restrict local configuration access

HARDENINGIf remote access is required, configure VPN for secure management traffic only

Long-term hardening

0/1

HOTFIXE-Streamer Mk2 (end-of-life) units should be upgraded to S-PLAY or replaced with current product line

CVEs (4)

CVE-2019-12776 CVE-2019-12774 CVE-2019-12775 CVE-2019-12777

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/8a76e558-8fab-4eac-bf6e-60c89822f5ba

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.