OTPulse
FeedAboutContact

Gessler GmbH WEB-MASTER

Act Now9.8ICS-CERT ICSA-24-032-01Feb 1, 2024
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary

Gessler GmbH WEB-MASTER devices contain hardcoded credentials (CWE-798) and weak cryptographic implementations (CWE-327) in the web management interface. Successful exploitation allows an attacker with network access to take control of the web management function and extract password hashes for all users stored on the device without authentication.

What this means
What could happen
An attacker with network access to the WEB-MASTER device could take control of the web management interface and extract password hashes for all users, potentially gaining administrative access to the device and the systems it controls.
Who's at risk
Organizations operating Gessler GmbH WEB-MASTER devices (version 7.9) for water treatment, power distribution, or other critical infrastructure monitoring and control should assess this immediately. This impacts any site using WEB-MASTER for SCADA-like web-based device management.
How it could be exploited
An attacker with network access to the device's web management port could exploit hardcoded or weak cryptographic implementations to gain unauthorized access to the web interface without valid credentials, then extract stored password hashes and use offline attacks to crack them.
Prerequisites
  • Network access to the WEB-MASTER device web management port (typically HTTP/HTTPS)
  • No valid credentials required for initial exploitation
Remotely exploitableNo authentication required for initial accessLow complexity attackAffects web management interfaceNo patch available yet for WEB-MASTER 7.9CVSS 9.8 (critical severity)Hardcoded credentials or weak crypto (CWE-798, CWE-327)
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (1)
ProductAffected VersionsFix Status
WEB-MASTER: 7.97.94.4 or greater
Remediation & Mitigation
0/5
Do now
0/2
HARDENINGImplement network segmentation to restrict access to WEB-MASTER web management interface (port 80/443) to authorized engineering workstations only
WORKAROUNDDeploy a firewall rule or access control list to prevent unauthorized access to the device from untrusted networks
Schedule — requires maintenance window
0/3

Patching may require device reboot — plan for process interruption

HOTFIXUpdate WEB-MASTER to version 4.4 or greater
HOTFIXUpdate EZ2 to version 3.2 or greater
HOTFIXCoordinate updates with Gessler GmbH technicians as required for deployment
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/85996759-f53a-460a-a964-16856f66f011
Gessler GmbH WEB-MASTER | CVSS 9.8 - OTPulse