OTPulse

Advantech Spectre RT Industrial Routers

Act Now | 10 | ICS-CERT ICSA-21-054-03 | Feb 23, 2021
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Advantech Spectre RT industrial routers contain multiple critical vulnerabilities including cross-site scripting (CWE-79), cleartext transmission (CWE-319), weak password requirements (CWE-307), weak cryptography (CWE-327), and improper resource validation (CWE-1103). Successful exploitation allows information disclosure, file deletion, and remote code execution.

What this means
What could happen
An attacker with network access to the router could execute arbitrary commands, delete operational files, or steal configuration and credential data. This could disrupt plant connectivity, data logging, and remote operations.
Who's at risk
Manufacturing facilities using Advantech Spectre RT ERT351 industrial routers for plant-wide connectivity and remote management. This affects any site relying on this router for supervisory access, data logging, or remote troubleshooting. Utilities and water authorities may use similar equipment for SCADA connectivity.
How it could be exploited
An attacker on the network (or internet if the router is internet-exposed) can connect to the affected Spectre RT router and exploit the unauthenticated vulnerabilities to inject malicious code, steal credentials in cleartext, or delete critical files. No credentials or user interaction are required.
Prerequisites
  • Network reachability to the Spectre RT router (port and protocols to be confirmed from product documentation, but likely accessible from network segments it serves)
  • No credentials required for exploitation
remotely exploitable | no authentication required | low complexity | high EPSS score (12%) | affects industrial connectivity and remote operations
Exploitability
High exploit probability (EPSS 12.0%)
Affected products (1)
Product | Affected Versions | Fix Status
Spectre RT ERT351: firmware | ≤ 5.1.3 | 6.2.7 or later
Remediation & Mitigation
Do now
HARDENING: Restrict network access to industrial router from the business network and internet; place behind firewall and do not expose to internet
HARDENING: If remote access is required for management, use VPN with current updates and multi-factor authentication
HARDENING: Monitor network traffic to and from the router for suspicious activity
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update Spectre RT ERT351 firmware to version 6.2.7 or later
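
To prioritise the steps above across a fleet, the following added example (not code from OTPulse or Advantech) triages an asset inventory against the advisory's version ranges and puts internet-exposed, affected routers first. The CSV layout, the hostnames, and the UNCONFIRMED and UNKNOWN statuses are assumptions made for illustration.

```python
import csv
import io

AFFECTED_MAX = (5, 1, 3)   # advisory: firmware <= 5.1.3 is affected
FIXED_MIN = (6, 2, 7)      # advisory: fixed in 6.2.7 or later

# Constructed sample inventory; hostnames, versions and exposure flags are invented.
SAMPLE_INVENTORY = """host,model,firmware,internet_exposed
rtr-line1,ERT351,5.1.3,yes
rtr-line2,ERT351,6.2.7,no
rtr-pump4,ERT351,5.2.0,no
rtr-lab,ERT351,unknown,no
rtr-office,OTHER-MODEL,1.0.0,no
"""

def parse_version(text):
    """Return a tuple of ints, or None if the string is not dotted-numeric."""
    parts = text.strip().lstrip("vV").split(".")
    if not parts or not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(firmware):
    """Map a firmware string onto the advisory's affected/fixed ranges."""
    version = parse_version(firmware)
    if version is None:
        return "UNKNOWN"        # cannot verify: check the device by hand
    if version >= FIXED_MIN:
        return "FIXED"
    if version <= AFFECTED_MAX:
        return "AFFECTED"
    return "UNCONFIRMED"        # between the two ranges: advisory gives no status

def triage(inventory_csv, model="ERT351"):
    """Return (host, status, exposed) for matching routers, worst cases first."""
    order = {"AFFECTED": 0, "UNKNOWN": 1, "UNCONFIRMED": 2, "FIXED": 3}
    rows = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["model"].strip().upper() != model:
            continue
        exposed = row["internet_exposed"].strip().lower() == "yes"
        rows.append((row["host"], classify(row["firmware"]), exposed))
    # Exposed devices sort ahead of unexposed ones within the same status.
    return sorted(rows, key=lambda r: (order[r[1]], not r[2], r[0]))

if __name__ == "__main__":
    for host, status, exposed in triage(SAMPLE_INVENTORY):
        print(f"{host:12} {status:12} internet_exposed={exposed}")
```

Devices reported as UNCONFIRMED or UNKNOWN should be checked by hand and scheduled for the 6.2.7 update along with the AFFECTED ones.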