SHUN HU Technology JUUKO Industrial Radio Remote Control
Plan Patch | 8.3 | ICS-CERT ICSA-20-301-01 | Oct 27, 2020
Attack Vector: Adjacent
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
SHUN HU Technology JUUKO Industrial Radio Remote Control systems contain vulnerabilities (CWE-294 weak authentication, CWE-77 improper neutralization) that allow attackers to replay wireless commands, control the device, view legitimate commands, and stop device operation. The affected products end with model numbers 9A, 9B, 9C, etc. and have no vendor fix available. SHUN HU has released new firmware; contact technical support for update availability and procedures.
What this means
What could happen
An attacker could replay radio commands to control the JUUKO remote control system, potentially altering equipment operation, viewing legitimate commands, or causing devices to stop functioning unexpectedly.
Who's at risk
Manufacturing facilities using SHUN HU Technology JUUKO Industrial Radio Remote Control systems for crane operation, material handling, or other remotely controlled machinery. This affects any site that relies on wireless remote control for process operations.
How it could be exploited
An attacker within radio range of the JUUKO remote control system can capture and replay wireless commands without authentication, allowing them to operate controlled equipment or prevent legitimate operators from doing so. The wireless protocol lacks replay protection and command validation.
Prerequisites
- Attacker within radio range of the JUUKO transmitter/receiver
- Physical proximity to the affected equipment
- No valid credentials or authentication required
- Remotely exploitable via radio
- No authentication required
- Low complexity attack
- Affects equipment control
- No patch available from vendor at advisory time
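As an added example (not part of the advisory, and not SHUN HU's protocol or firmware), the code below shows what the missing replay protection and command validation look like on the receiving side: every frame carries a counter and a truncated HMAC, and the receiver rejects frames that are forged, already seen, or carry an unknown command. The frame layout, command codes, key and all names are assumptions made for this example.

```python
import hashlib
import hmac
import struct

# Constructed frame layout (an assumption, not the JUUKO wire format):
#   counter (4 bytes, big-endian) | command (1 byte) | tag (8 bytes)
ALLOWED_COMMANDS = {0x01: "UP", 0x02: "DOWN", 0x0F: "E_STOP"}  # hypothetical codes
TAG_LEN = 8


def build_frame(key: bytes, counter: int, command: int) -> bytes:
    """Transmitter side: authenticate counter+command with a truncated HMAC."""
    body = struct.pack(">IB", counter, command)
    tag = hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]
    return body + tag


class Receiver:
    """Receiver side: accept a frame only if it is authentic, fresh and known."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_counter = -1  # highest counter accepted so far

    def accept(self, frame: bytes) -> str:
        if len(frame) != 5 + TAG_LEN:
            return "reject: bad length"
        body, tag = frame[:5], frame[5:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):  # constant-time compare
            return "reject: bad tag"
        counter, command = struct.unpack(">IB", body)
        if counter <= self.last_counter:
            return "reject: replayed or stale counter"
        self.last_counter = counter  # authentic and fresh: never accept it again
        if command not in ALLOWED_COMMANDS:
            return "reject: unknown command"
        return "accept: " + ALLOWED_COMMANDS[command]


if __name__ == "__main__":
    key = bytes(range(16))                # constructed demo key
    rx = Receiver(key)
    captured = build_frame(key, 1, 0x01)  # constructed sample frame
    print(rx.accept(captured))            # first delivery
    print(rx.accept(captured))            # identical bytes delivered again
```

A deployed receiver would also need to keep `last_counter` across power cycles, since a counter that resets to its initial value makes previously recorded frames valid again.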
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (1)
Product | Affected Versions | Fix Status
The following | < numbers ending ...9A ...9B ...9C etc. | No fix yet
Remediation & Mitigation
Do now
HARDENING: Physically secure the device and keep it in a locked, access-restricted area to limit exposure to unauthorized radio signal capture
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Update JUUKO firmware to the latest version provided by SHUN HU Technology; contact technical support for firmware release details and update procedure
Long-term hardening
HARDENING: Perform a site survey to identify the physical radio range of your JUUKO system and restrict unauthorized personnel access to that area
CVEs (2)