FXC AE1021/AE1021PE
Act Now8ICS-CERT ICSA-23-355-01Dec 21, 2023
Attack VectorAdjacent
Auth RequiredLow
ComplexityLow
User InteractionNone needed
Summary
FXC AE1021 and AE1021PE devices contain a command injection vulnerability in NTP server settings processing (CWE-78). An authenticated attacker with network access to the device can supply a malicious NTP server address that is not properly sanitized, leading to arbitrary command execution on the device. The vulnerability affects firmware version 2.0.9 and earlier. This vulnerability is being actively exploited in the wild.
What this means
What could happen
An attacker with network access to an FXC AE1021/AE1021PE device could run arbitrary commands on the device via manipulated NTP server settings, potentially altering power flow settings, disabling protections, or disrupting grid synchronization in electrical systems.
Who's at risk
Electrical utilities and power generation facilities operating FXC AE1021 or AE1021PE power monitoring/control equipment are affected. These devices are typically deployed at substations, generation facilities, or grid interconnection points to monitor and control power flow.
How it could be exploited
An attacker on the same network segment as the device (adjacent network access) with low-privilege management credentials could modify the NTP server configuration through the management interface to inject malicious commands that execute with device privileges, achieving remote code execution.
Prerequisites
- Network access to the device management interface (adjacent network access, not from internet)
- Low-privilege management screen login credentials
- Device firmware version 2.0.9 or earlier
Actively exploited (KEV status)Remote code execution capabilityLow authentication complexity requiredHigh EPSS score (24.1%)Network adjacent access requiredNo patch available for end-of-life devices
Exploitability
Actively exploited — confirmed by CISA KEV
Affected products (2)
2 with fix
ProductAffected VersionsFix Status
AE1021PE firmware: <=2.0.9≤ 2.0.92.0.10
AE1021 firmware: <=2.0.9≤ 2.0.92.0.10
Remediation & Mitigation
0/4
Do now
0/2HOTFIXUpdate AE1021/AE1021PE firmware to version 2.0.10 or later
HARDENINGReset device to factory settings and change the default management screen login password from default to a strong, unique credential
Schedule — requires maintenance window
0/1Patching may require device reboot — plan for process interruption
HARDENINGIf remote access is required, implement VPN with encryption and multi-factor authentication for management access
Long-term hardening
0/1HARDENINGImplement network segmentation to isolate AE1021/AE1021PE devices from business networks and internet access using firewalls or air-gapping
CVEs (1)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/e4e5de72-11a5-401f-b3fd-2becad408200