OTPulse

ProSoft Technology ICX35

Plan Patch · 8.2 · ICS-CERT ICSA-21-056-04 · Feb 25, 2021
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

ProSoft Technology ICX35 devices with firmware version 1.9.62 and earlier contain a vulnerability that allows unauthenticated remote attackers to change user passwords and alter device configuration. The ICX35 is a communication protocol converter used in industrial automation and SCADA systems. Successful exploitation could allow unauthorized modifications to critical system settings and loss of access control.

What this means
What could happen
An attacker with network access to the ICX35 device could reset user passwords and modify device configuration, potentially disrupting critical control and monitoring functions.
Who's at risk
Water utilities, electric utilities, and other facility managers using ProSoft Technology ICX35 protocol converters or communication modules in SCADA networks, automation systems, or industrial data acquisition systems.
How it could be exploited
An attacker on the same network as the ICX35 sends requests to the device's management interface without authentication to change passwords or configuration settings. No special tools or credentials are required.
Prerequisites
  • Network access to the ICX35 device management interface (typically port 80 or 443)
  • Device must be running vulnerable firmware version 1.9.62 or earlier
Remotely exploitable · No authentication required · Low complexity attack · Affects device configuration and access control · No patch available for some hardware variants
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (2)
2 with fix
Product        Affected Versions   Fix Status
ICX35-HWC-E    ≤ 1.9.62            1.10.30
ICX35-HWC-A    ≤ 1.9.62            1.10.30
Remediation & Mitigation
Do now
HARDENING: Restrict network access to the ICX35 device: place behind firewall, isolate from business network, block unnecessary inbound connections to management ports
WORKAROUND: If remote access to the ICX35 is required, route connections through a VPN and keep VPN software patched
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update ICX35 firmware to version 1.10.30 or later
API: /api/v1/advisories/99582880-03d3-49ea-a5b4-41fd3ea7edf7