OTPulse
FeedAboutContact

Sequi PortBloque S

Act Now9.9ICS-CERT ICSA-22-228-07Aug 16, 2022
Attack VectorNetwork
Auth RequiredLow
ComplexityLow
User InteractionNone needed
Summary

PortBloque S contains authentication bypass and authorization flaws (CWE-287, CWE-285) that allow an authenticated attacker to make unauthorized changes to device configuration, including adding new administrative users or modifying existing credentials. This could grant persistent unauthorized access to the security appliance. All versions of PortBloque S are affected, and as of August 9, 2022, Sequi has not provided patches or committed to a fix timeline.

What this means
What could happen
An attacker with network access and valid credentials could modify device configuration, add new admin accounts, or change existing passwords, gaining persistent access to the PortBloque S device and potentially disrupting critical network security functions.
Who's at risk
Organizations operating Sequi PortBloque S devices for network security or filtering functions in critical infrastructure (water utilities, electric utilities, manufacturing) should prioritize isolation and access controls. This includes anyone using PortBloque S in perimeter defense, DMZ protection, or control network segmentation roles.
How it could be exploited
An attacker with access to the device's network interface and valid user credentials could authenticate to the PortBloque S management interface and leverage the authentication bypass or authorization flaw to escalate privileges or modify system configuration without proper authorization checks.
Prerequisites
  • Network access to the PortBloque S device management interface
  • Valid user credentials to authenticate to the device
  • Device must be reachable from attacker's network position
remotely exploitablerequires valid credentialsno patch available from vendoraffects network security device (impacts availability and integrity of critical operations)vendor non-responsive to security reports
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (1)
ProductAffected VersionsFix Status
PortBloque S: All versionsAll versionsNo fix (EOL)
Remediation & Mitigation
0/5
Do now
0/2
HARDENINGMinimize network exposure: ensure PortBloque S devices are not directly accessible from the Internet and restrict network access to authorized management networks only
HARDENINGImplement network segmentation: place PortBloque S behind firewalls and isolate from business networks using air-gapped or heavily restricted network architecture
Schedule — requires maintenance window
0/2

Patching may require device reboot — plan for process interruption

HARDENINGUse VPN for remote access: if remote management is required, enforce secure VPN tunnels with current security patches to the PortBloque S
WORKAROUNDContact Sequi for security updates: reach out to the vendor to inquire about any patches or mitigation strategies as they become available
Mitigations - no patch available
0/1
PortBloque S: All versions has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENINGMonitor for suspicious configuration changes: implement audit logging and alerting for any modifications to user accounts, passwords, or device configuration on PortBloque S
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/04167aba-5ded-47b2-9d66-d6eade0e7987
Sequi PortBloque S | CVSS 9.9 - OTPulse