OTPulse

Franklin Electric Fueling Systems Colibri

Monitor · CVSS 6.5 · ICS-CERT ICSA-23-331-02 · Nov 28, 2023
Attack Vector: Network
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary

The Franklin Electric Fueling Systems Colibri product contains a path traversal vulnerability (CWE-35, the '.../...//' variant) that allows an authenticated attacker to obtain login credentials for other users on the system. All versions of Colibri are affected. Franklin Electric has released a firmware update to address the issue. Colibri has not been sold since 2020 and is not found in current EVO product lines.

What this means
What could happen
An attacker with valid login credentials could retrieve other users' login credentials from the Colibri system, potentially allowing lateral movement or unauthorized access to fuel management operations.
Who's at risk
Fuel system operators and energy sector organizations using Franklin Electric Fueling Systems Colibri equipment (all versions). This product has not been sold since 2020, so impact is limited to existing installations at fueling stations and distributed energy generation facilities.
How it could be exploited
An attacker must first obtain valid credentials for any user account on the Colibri system (e.g., through phishing or credential compromise). Once authenticated, they can exploit the vulnerability to extract credentials for other users in the system, escalating their access level.
Prerequisites
  • Valid login credentials for at least one user account on the Colibri system
  • Network access to the Colibri application interface
  • The device must be reachable from the attacker's network location
Tags: requires valid credentials for exploitation · credential disclosure could enable lateral movement · end-of-life product with limited ongoing support · affects fuel dispensing/management systems
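The advisory classifies the flaw as CWE-35, the '.../...//' form of path traversal, but does not describe the Colibri request involved. The Python below is an added example, not code from the OTPulse page or from Franklin Electric's product: it shows the generic CWE-35 mechanism (a single-pass filter that deletes '../' and thereby turns '.../...//' into '../'), the resolve-then-check alternative that does not rely on deleting sequences, and a screen over constructed reverse-proxy access-log lines for the same family of patterns. The log format, the `/app/download` endpoint, the file names, the user names and the base directory `/var/app/files` are all assumptions for illustration.

```python
"""Screen HTTP access logs for CWE-35-style path traversal and show why a
single-pass '../' filter is not a defence. Added example; the log format,
endpoint, file names and base directory are assumptions, not advisory details."""
import posixpath
import re
from urllib.parse import unquote

# Constructed sample lines in a common combined-log shape. The endpoint and
# file names are hypothetical; the advisory does not describe the request.
SAMPLE_LOG = """\
10.0.20.15 - user1 [28/Nov/2023:10:01:02 +0000] "GET /app/reports/daily.csv HTTP/1.1" 200 5120
10.0.20.15 - user1 [28/Nov/2023:10:01:07 +0000] "GET /app/download?file=.../...//etc/passwd HTTP/1.1" 200 1806
10.0.20.15 - user1 [28/Nov/2023:10:01:09 +0000] "GET /app/download?file=..%2F..%2Fconf%2Fusers.cfg HTTP/1.1" 200 8192
10.0.20.31 - user2 [28/Nov/2023:10:02:44 +0000] "GET /app/status HTTP/1.1" 200 640
10.0.20.15 - user1 [28/Nov/2023:10:03:10 +0000] "GET /app/download?file=....//....//secret HTTP/1.1" 404 120
"""

LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ (?P<user>\S+) \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*"'
)

# Two or more dots adjacent to a separator: matches '../', '.../', '....//'
# and the decoded form of '..%2F'. Deliberately broad for log screening.
TRAVERSAL_RE = re.compile(r"\.{2,}[/\\]|[/\\]\.{2,}")


def decode_fully(s: str, rounds: int = 3) -> str:
    """Percent-decode until stable so double encoding does not hide from the regex."""
    for _ in range(rounds):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return s


def naive_strip(user_path: str) -> str:
    """A single-pass '../' filter: exactly the check that '.../...//' (CWE-35) defeats.
    str.replace removes each non-overlapping '../' once and never re-scans."""
    return user_path.replace("../", "")


def safe_resolve(base: str, user_path: str):
    """Return the resolved path if it stays under base, else None.
    Normalises the whole path and checks the prefix instead of deleting sequences."""
    base = posixpath.normpath(base)
    candidate = posixpath.join(base, decode_fully(user_path).lstrip("/"))
    resolved = posixpath.normpath(candidate)
    if resolved == base or resolved.startswith(base + "/"):
        return resolved
    return None


def scan_log(text: str):
    """Return (client, user, target) for requests whose decoded target looks like traversal."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        if TRAVERSAL_RE.search(decode_fully(m["target"])):
            hits.append((m["client"], m["user"], m["target"]))
    return hits


if __name__ == "__main__":
    base = "/var/app/files"
    attack = ".../...//etc/passwd"
    # The weak filter turns '.../...//' into '../', which then escapes base.
    print("after naive strip:", naive_strip(attack))
    print("naive result resolves to:", posixpath.normpath(posixpath.join(base, naive_strip(attack))))
    # Resolve-then-check keeps the raw input inside base ('...' is an ordinary name)
    # and rejects a plain '../../' escape outright.
    print("safe_resolve on raw input:", safe_resolve(base, attack))
    print("safe_resolve on '../../etc/passwd':", safe_resolve(base, "../../etc/passwd"))
    for hit in scan_log(SAMPLE_LOG):
        print("traversal candidate:", hit)
```

Run against a real proxy log in front of the management interface, `scan_log` gives a cheap first pass for the authenticated-user misuse the advisory describes; the `naive_strip` function is there only to make the CWE-35 point concrete and should never be used as a control.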
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
Product | Affected Versions | Fix Status
FFS Colibri (vers:all/*) | All versions | Firmware update available
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to the Colibri system using firewall rules; block direct internet access and require VPN for any remote connections
HARDENING: Enforce strong, unique passwords for all user accounts on Colibri and implement multi-factor authentication if available
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Download and install the firmware update from Franklin Electric's website
Long-term hardening
HARDENING: Place the Colibri system on an isolated OT/control network segment separate from business networks and the internet