OTPulse

Fujitsu Software Infrastructure Manager

Monitor | CVSS 5.9 | ICS-CERT ICSA-23-255-02 | Sep 12, 2023
Attack Vector: Local
Auth Required: Low
Complexity: Low
User Interaction: Required
Summary

Fujitsu Infrastructure Manager stores proxy server passwords in cleartext within maintenance data files. A local attacker with user-level access to the Infrastructure Manager workstation can extract this password by viewing or exporting maintenance data. This could allow an attacker to compromise firmware downloads or intercept infrastructure management traffic. The vulnerability affects Advanced Edition V2.8.0.060, Advanced Edition for PRIMEFLEX V2.8.0.060, and Essential Edition V2.8.0.060.

What this means
What could happen
An attacker with local access to a maintenance workstation could extract the proxy server password from unprotected maintenance data, potentially allowing them to intercept or modify firmware downloads and inject malicious code into plant systems.
Who's at risk
Fujitsu Infrastructure Manager operators managing PRIMEFLEX or other datacenter/infrastructure systems. This affects IT/OT personnel who perform firmware maintenance and updates via proxy connections. System integrators and managed service providers supporting these platforms.
How it could be exploited
An attacker must have local access to the Fujitsu Infrastructure Manager workstation and gain the ability to view maintenance data files (requires local user privileges and interaction to trigger export). Once maintenance data is accessed, the proxy password is stored in cleartext and can be extracted.
Prerequisites
  • Local user access to the Infrastructure Manager workstation
  • Ability to view or export maintenance data
  • The proxy server password must be set and configured in ISM
  • Local access required (not remotely exploitable)
  • Authentication/privileges required
  • No patch currently available for all editions
  • Affects confidentiality of proxy credentials
  • Cleartext password storage
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (3)
3 with fix
Product | Affected Versions | Fix Status
Infrastructure Manager: Advanced Edition V2.8.0.060 | Advanced Edition V2.8.0.060 | V2.8.0.061
Infrastructure Manager: Essential Edition V2.8.0.060 | Essential Edition V2.8.0.060 | V2.8.0.061
Infrastructure Manager: Advanced Edition for PRIMEFLEX V2.8.0.060 | Advanced Edition for PRIMEFLEX V2.8.0.060 | V2.8.0.061
Remediation & Mitigation
Do now
WORKAROUND: Configure the proxy server with a user ID and/or password that does not contain backslash (\) characters
WORKAROUND: Store maintenance data in a restricted/trusted location and delete it when no longer needed
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update Fujitsu Infrastructure Manager (all editions) to version V2.8.0.061 or later
Long-term hardening
HARDENING: Restrict local access to Infrastructure Manager workstations through physical security controls and access lists
API: /api/v1/advisories/52263e46-a005-47a0-b34b-23aee89d80a7