OTPulse

RAD Data Communications SecFlow-2

Monitor · 7.5 · ICS-CERT ICSA-24-170-01 · Jun 18, 2024
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

RAD SecFlow-2 contains a vulnerability that allows an attacker to obtain files from the operating system by crafting a special request. All versions of SecFlow-2 are affected. The vulnerability requires only network access and no authentication. RAD has not released a patch and reports the product is end-of-life. The vendor recommends upgrading to the SecFlow-1p product line.

What this means
What could happen
An attacker with network access to a SecFlow-2 device can retrieve sensitive files from the operating system, potentially exposing configuration data, credentials, or other sensitive information that could be used for further attacks.
Who's at risk
Water utilities and electric utilities using RAD SecFlow-2 devices for SCADA communications or data collection. This affects any organization that has deployed this end-of-life communications gateway between remote field devices and control center systems.
How it could be exploited
An attacker sends a specially crafted request to the SecFlow-2 device over the network. If the device is reachable from an untrusted network or the internet, the attacker can extract arbitrary files from the operating system without authentication.
Prerequisites
  • Network access to the SecFlow-2 device
  • Device must be reachable from the attacker's network (internet or adjacent network segment)
remotely exploitable · no authentication required · low complexity · no patch available · end-of-life product
Exploitability
Low exploit probability (EPSS 0.5%)
Affected products (1)
Product | Affected Versions | Fix Status
SecFlow-2: vers:all/* | All versions | No fix (EOL)
Remediation & Mitigation
Do now
HARDENING: Isolate SecFlow-2 devices from the internet and untrusted networks using firewalls
HARDENING: Segment SecFlow-2 devices from business network; place in isolated control system network
HARDENING: If remote access is required, enforce access through VPN with current security patches
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Upgrade from SecFlow-2 to RAD SecFlow-1p product line (vendor recommended replacement)
API: /api/v1/advisories/cbd70157-3690-4b8d-9df2-b3f1a0aa917b