OTPulse

RONDS Equipment Predictive Maintenance Solution

Plan Patch · 8.2 · ICS-CERT ICSA-23-012-02 · Jan 12, 2023
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

RONDS Equipment Predictive Maintenance (EPM) v1.19.5 contains information disclosure and path traversal vulnerabilities (CWE-200, CWE-22). Successful exploitation allows an unauthorized user to leak login credentials and download files. In some circumstances, an unauthorized user can use leaked credentials to achieve remote code execution.

What this means
What could happen
An attacker could steal credentials for maintenance and monitoring systems, then use those credentials to execute commands on the EPM platform or connected industrial equipment. This could disrupt predictive maintenance operations, compromise sensor integrity, or enable lateral movement into your control network.
Who's at risk
Organizations operating RONDS Equipment Predictive Maintenance (EPM) software for predictive monitoring and maintenance of industrial equipment. Primarily affects utility operators, manufacturing facilities, and critical infrastructure using this condition-based maintenance platform. The vulnerability impacts any deployment of EPM v1.19.5 connected to networks.
How it could be exploited
An attacker with network access to the EPM interface can exploit information disclosure and path traversal vulnerabilities to extract login credentials and arbitrary files from the system. With obtained credentials, the attacker can log in as a legitimate user and execute remote code on the EPM system or connected devices, potentially altering sensor data, maintenance schedules, or downstream control system commands.
Prerequisites
  • Network access to EPM v1.19.5 web interface or API
  • No authentication required for initial information disclosure and file download exploitation
remotely exploitable · no authentication required for initial compromise · low complexity · credentials enable remote code execution · information disclosure of sensitive data · path traversal flaw
Exploitability
Low exploit probability (EPSS 0.5%)
Affected products (1)
Product | Affected Versions | Fix Status
Equipment Predictive Maintenance (EPM): v1.19.5 | 1.19.5 | 1.35.21
Remediation & Mitigation
Do now
  • HARDENING: Restrict network access to EPM interface - ensure it is not accessible from the Internet or untrusted networks
  • HARDENING: Place EPM system and predictive maintenance networks behind firewalls and isolate from business networks and Internet-facing systems
  • WORKAROUND: If remote access to EPM is required, use a VPN with current security patches and strong authentication; do not expose EPM directly to the Internet
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • HOTFIX: Upgrade RONDS Equipment Predictive Maintenance (EPM) to version 1.35.21 or later