Korenix Jetwave

Plan PatchCVSS 8.8ICS-CERT ICSA-23-096-04Apr 10, 2023

Attack path

Attack VectorNetwork

Auth RequiredLow

ComplexityLow

User InteractionNone needed

Summary

Korenix JetWave wireless access points and bridges contain command injection (CWE-77) and resource exhaustion (CWE-400) vulnerabilities. Successful exploitation allows an attacker with network access and valid credentials to execute arbitrary commands with operating-system-level privileges or cause a denial-of-service condition. Affected models include JetWave 4221 HP-E, 3220/3420 V3, 2212G, 2212X/2112S, 2211C, 2411/2111, 2411L/2111L, 2414/2114, 2424, and 2460 running versions prior to the fixed versions specified by Korenix.

What this means

What could happen

An attacker with network access could gain full control of the JetWave device's operating system or stop it from responding to commands, disrupting communications and data routing in water or electric utility networks.

Who's at risk

Utilities and municipalities operating Korenix JetWave wireless access points or bridges (models 4221 HP-E, 3220/3420 V3, 2212G, 2212X/2112S, 2211C, 2411/2111, 2411L/2111L, 2414/2114, 2424, and 2460) for network connectivity in control system or remote facility environments.

How it could be exploited

An attacker who has authenticated network access to the JetWave device (for example, through default or compromised credentials, or if the device is exposed on your IT network) could send specially crafted input through the management interface to execute arbitrary commands at the OS level or exhaust system resources, causing the device to become unresponsive.

Prerequisites

Authenticated network access to the JetWave management interface (HTTP/HTTPS port, typically 80 or 443)
Valid username and password for the device
Network path between attacker and device (internal network or remote access if enabled)

Remotely exploitable over networkRequires authentication (reduces but does not eliminate risk)Low complexity attackMultiple products affected with no alternative availableAffects network infrastructure critical to OT operations

Exploitability

Some exploitation risk — EPSS score 2.9%

Affected products (10)

9 with fix1 pending

ProductAffected VersionsFix Status

JetWave 3220/3420 V3:< 1.7V1.7

JetWave 2212G:1.3.TV1.10

JetWave 2212X/2112S:1.3.0V1.11

JetWave 2211C:< 1.6V1.6

JetWave 2411/2111:< 1.5V1.5

JetWave 2411L/2111L:< 1.6V1.6

JetWave 2414/2114:< 1.4V1.4

JetWave 2424:< 1.3V1.3

Remediation & Mitigation

0/5

Do now

0/3

HARDENINGPlace all JetWave devices on a dedicated network segment isolated from general IT and the Internet; ensure access is restricted to authorized personnel and systems only

HARDENINGRequire strong, unique passwords for all JetWave device management accounts and disable any default credentials

WORKAROUNDImplement firewall rules to restrict access to the JetWave management interfaces; block any external access from the Internet

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HOTFIXUpdate all JetWave devices to the vendor-specified fixed versions: JetWave 4221 HP-E to V1.4.0, JetWave 2212G to V1.10, JetWave 2212X/2112S to V1.11, JetWave 2211C to V1.6, JetWave 2411/2111 to V1.5, JetWave 2411L/2111L to V1.6, JetWave 2414/2114 to V1.4, JetWave 2424 to V1.3, JetWave 2460 to V1.6, JetWave 3220/3420 V3 to V1.7

HARDENINGIf remote access to JetWave devices is needed, deploy it only through a VPN and ensure the VPN itself is kept up to date

CVEs (3)

CVE-2023-23294 CVE-2023-23295 CVE-2023-23296

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/b56d710f-87b6-41ec-8d61-8f9a81183624

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.