OTPulse

Adminer in Industrial Products

Act Now | 7.5 | ICS-CERT ICSA-22-130-01 | May 10, 2022
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Adminer versions 1.112.0 through 4.6.2 contain a vulnerability (CWE-552) that allows unauthenticated network access to read database credentials and sensitive information. Affected users should upgrade to Adminer 4.6.3 or later. Advantech R-SeeNet on Windows installations using vulnerable Adminer versions should be upgraded to R-SeeNet 2.4.19 or later.

What this means
What could happen
An attacker could read database credentials and other sensitive information from systems running vulnerable Adminer versions, potentially gaining access to configuration data and control system databases.
Who's at risk
Manufacturing facilities and utilities using Adminer for database administration in control system environments. Advantech R-SeeNet installations on Windows are specifically affected; these may be used for monitoring or managing industrial control systems, SCADA networks, or networked sensors and PLCs.
How it could be exploited
An attacker with network access to an affected Adminer installation (via direct exposure to the internet or internal network) can access exposed database credentials without authentication. If Adminer is accessible from the business network or internet, an attacker can enumerate and extract sensitive database information.
Prerequisites
  • Network access to Adminer web interface
  • Adminer version 1.112.0 through 4.6.2 running and accessible
remotely exploitable · no authentication required · low complexity · high EPSS score (83.6%) · affects sensitive system configuration
Exploitability
High exploit probability (EPSS 83.6%)
Affected products (1)
Product | Affected Versions | Fix Status
: | ≥ 1.112.0, ≤ 4.6.2 | 4.6.3
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to Adminer through firewall rules; block external access and limit to authorized administrative networks only
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Upgrade Adminer to version 4.6.3 or later
HOTFIX: Upgrade Advantech R-SeeNet (Windows installation) to version 2.4.19 or later
Long-term hardening
HARDENING: Implement network segmentation to isolate control system devices and Adminer instances from the business network and Internet
HARDENING: Deploy VPN with multi-factor authentication for any required remote administrative access to Adminer
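
An inventory check to support the upgrade step, added here as an example and not part of the original advisory: it walks a directory tree, reads the version from each Adminer PHP file, and flags versions in the affected range 1.112.0 through 4.6.2. It assumes the file carries an `@version` docblock tag near the top; the function names are illustrative.

```python
import re
import sys
from pathlib import Path

# Affected range as stated in the advisory (fixed in 4.6.3).
AFFECTED_MIN = (1, 112, 0)
AFFECTED_MAX = (4, 6, 2)

# Assumption: the Adminer file has an "@version x.y.z" docblock tag
# within its first few kilobytes.
VERSION_TAG = re.compile(rb"@version\s+(\d+(?:\.\d+){1,2})")


def parse_version(text):
    """'4.6' -> (4, 6, 0). Numeric compare, so 1.112.0 sorts above 1.12.0."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def is_affected(version):
    """True if the version lies in the advisory's affected range."""
    return AFFECTED_MIN <= parse_version(version) <= AFFECTED_MAX


def adminer_version(path, head_bytes=4096):
    """Return the version string of an Adminer PHP file, or None."""
    with open(path, "rb") as fh:
        head = fh.read(head_bytes)
    if b"Adminer" not in head:
        return None  # not an Adminer file
    match = VERSION_TAG.search(head)
    return match.group(1).decode() if match else None


def scan(root):
    """Yield (path, version, affected) for each Adminer file under root."""
    for path in sorted(Path(root).rglob("*.php")):
        version = adminer_version(path)
        if version is not None:
            yield str(path), version, is_affected(version)


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, version, affected in scan(root):
        print(f"{'AFFECTED' if affected else 'ok':8} {version:10} {path}")
```

Files that mention Adminer but carry no recognizable version tag are skipped, so a clean result does not replace checking the network restrictions listed above.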