EFACEC UC 500E

MonitorCVSS 6.3ICS-CERT ICSA-23-353-03Dec 19, 2023

Attack path

Attack VectorAdjacent

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

UC 500E versions before 10.1.1 contain three vulnerabilities: cleartext transmission of sensitive data (CWE-319), open redirect allowing redirection to malicious websites (CWE-601), and unauthorized information disclosure (CWE-200). These vulnerabilities could allow an attacker on the same network segment to steal credentials, configuration data, or session tokens, and redirect users to phishing or malware sites. An attacker does not need valid credentials to initiate exploitation but does require the victim to interact with a malicious link or trust a redirect.

What this means

What could happen

An attacker on the same network as the UC 500E could steal sensitive information (such as login credentials or configuration data), gain unauthorized access to the device, or trick users into visiting malicious websites that could compromise connected systems.

Who's at risk

Operators responsible for EFACEC UC 500E uninterruptible power supplies (UPS) or power management systems should prioritize this. The device is typically used in data centers, critical infrastructure facilities, and industrial plants to monitor and control power distribution. Any facility relying on the UC 500E for power system visibility or control is affected.

How it could be exploited

An attacker with network access to the UC 500E could send a specially crafted request to trigger the vulnerability. No credentials are required. The attacker could intercept unencrypted sensitive data transmitted by the device, or craft a malicious redirect that tricks a user into accessing a fake login page to harvest credentials, which could then be used to access the device directly.

Prerequisites

Network access to UC 500E on the same local network segment (AV:A indicates adjacent network)
User interaction required to trigger redirect or credential theft (UI:R)
No authentication required to initiate the attack

Requires adjacent network access but no authenticationLow attack complexityAffects data confidentiality (credential/configuration theft)Sensitive information exposureUser interaction required (reduces but does not eliminate risk)

Exploitability

Unlikely to be exploited — EPSS score 0.1%

Affected products (1)

ProductAffected VersionsFix Status

UC 500E: 10.1.010.1.010.1.1

Remediation & Mitigation

0/4

Do now

0/2

HARDENINGIsolate UC 500E behind a firewall and restrict network access to trusted engineering workstations only

HARDENINGEnsure UC 500E is not accessible from the internet or business network; implement network segmentation to keep the device on a dedicated OT network

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HOTFIXUpdate UC 500E to version 10.1.1 or later

HARDENINGIf remote access is required, use a VPN with the most current version and security patches available

CVEs (4)

CVE-2023-50703 CVE-2023-50704 CVE-2023-50705 CVE-2023-50706

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/f1c08920-de34-45aa-a68e-8602b4849a8a

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.