IPCOMM ipDIO
Status: Plan Patch
CVSS: 8.8
Source: ICS-CERT ICSA-22-062-01
Published: Mar 3, 2022
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: Required
Summary
IPCOMM ipDIO firmware versions 3.9 and 2016 3.9 contain code injection vulnerabilities (CWE-79, CWE-94) that could allow an attacker to inject and execute arbitrary code. IPCOMM has discontinued support for ipDIO and considers it end-of-life; no patch is available. The vendor recommends upgrading to the ip4Cloud successor device.
What this means
What could happen
An attacker could inject and execute arbitrary code on the ipDIO device, potentially allowing them to modify control logic or stop operations. Since ipDIO is end-of-life with no vendor patch available, this device is at permanent risk.
Who's at risk
Any water utility, electric utility, or other critical infrastructure operator using IPCOMM ipDIO remote I/O controllers or gateways. These devices are typically used to monitor and control field equipment like pumps, motors, and valves over Ethernet or serial networks. End-of-life status means no security patches will ever be released.
How it could be exploited
An attacker would need to trick a user into clicking a malicious web link or opening an attachment via email (CWE-79 is cross-site scripting and CWE-94 is code injection, both consistent with a web-delivered payload). If the user is logged into or has an active session with the ipDIO device, the injected code could execute with their privileges on the controller.
Prerequisites
- User interaction required: victim must click a malicious link or open an attachment while accessing the device
- Device must be reachable from where the victim can access it (likely via network, or via VPN if remote access is enabled)
- No authentication bypass required if the attacker can socially engineer a user with legitimate access
Tags: no patch available · end-of-life product · remotely exploitable · user interaction required · affects control system operations
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (1)
Product | Affected Versions | Fix Status
Firmware | 3.9, 2016 3.9 | No fix yet
Remediation & Mitigation
Do now
[HARDENING] Isolate all ipDIO devices from the business network and the Internet; place them behind a firewall on a segmented OT network
[WORKAROUND] Disable remote access to ipDIO devices if not absolutely required; if remote access is necessary, use a VPN with current security patches and strong authentication
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
[HOTFIX] Plan and execute immediate upgrade to IPCOMM ip4Cloud successor device to replace end-of-life ipDIO units
Long-term hardening
[HARDENING] Train users not to click unsolicited email links or open untrusted attachments, especially when they have active sessions to control system devices
[HARDENING] Implement network segmentation to isolate ipDIO devices from business systems and the Internet
API:
/api/v1/advisories/fb49f52d-8c8b-4f08-a006-bca9f2800829