HMS Industrial Networks Anybus-CompactCom 30
Severity: Monitor (CVSS 6.3) · ICS-CERT ICSA-24-193-20 · Published Jul 11, 2024
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: Required
Summary
Anybus-CompactCom 30 contains a cross-site scripting (CWE-79) vulnerability in its web interface: input supplied to the interface is embedded in pages the module serves without being sanitized. An attacker who can reach the web interface can inject script without any credentials; the script runs in the browser of a user who later views the affected page, with that user's access to the module's web interface. From there it can read configuration data shown on the page, change settings, or disrupt the module's communication. The script executes in the victim's browser, not on the gateway itself, so this is not remote code execution on the module. All versions are affected and no fix is planned.
What this means
What could happen
An attacker who gets script into the module's web interface can act with the access of any user who views the affected page: read or alter the Anybus-CompactCom 30 configuration, or disrupt communication between the gateway and its field devices. Either outcome can stop real-time data flow from PLCs and remote terminal units to your SCADA system.
Who's at risk
Manufacturing facilities using HMS Anybus-CompactCom 30 modules as industrial gateways or protocol converters in control networks. This includes any facility running Modbus TCP, EtherCAT, Profibus, or other industrial protocols through this gateway.
How it could be exploited
An attacker sends a specially crafted request to the unprotected web interface of the Anybus-CompactCom 30 that places script in a page the module serves. If the module is reachable from the network (especially the internet or the corporate network), no credentials are needed to do this. The injected script executes when a user views that page in a browser, which is why user interaction is required; it then runs with that user's access to the web interface and can change configuration or send data shown on the page to the attacker.
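The CWE-79 pattern behind this advisory, shown as an added illustration rather than code from HMS or the module firmware: a device-name field is rendered into HTML once without output encoding and once with it, and a small parser lists what a browser would execute in each result. The page template, the two payloads and the benign input are constructed for the example; the vulnerable render models the defect class, not the module's actual code.

```python
import html
from html.parser import HTMLParser

# Constructed sample inputs (not from the advisory): values an attacker can
# submit in a device-name field of a web form.
SCRIPT_PAYLOAD = "<script>alert(document.cookie)</script>"
ATTRIBUTE_PAYLOAD = '" onfocus="alert(document.cookie)" autofocus x="'
BENIGN_INPUT = "Line 3 gateway"

# Hypothetical page template: the field appears in HTML body text and inside a
# quoted attribute value. Both are classic CWE-79 injection contexts.
_PAGE = (
    "<h1>Module status</h1>\n"
    "<p>Device: {name}</p>\n"
    '<form><input name="device" value="{name}"></form>'
)


def render_vulnerable(device_name: str) -> str:
    """CWE-79 pattern: untrusted input spliced into HTML with no output encoding."""
    return _PAGE.format(name=device_name)


def render_hardened(device_name: str) -> str:
    """Same page with HTML output encoding applied at the point of rendering.

    quote=True also encodes ' and ", so a value cannot break out of a quoted
    attribute; escaping only <, >, & would leave the attribute context open.
    """
    return _PAGE.format(name=html.escape(device_name, quote=True))


class _ActiveContentFinder(HTMLParser):
    """Records constructs a browser would execute: script elements and on* handlers."""

    def __init__(self) -> None:
        super().__init__()
        self.findings: list[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.findings.append("script element")
        for attr_name, _ in attrs:
            if attr_name.startswith("on"):
                self.findings.append(f"event handler attribute {attr_name}")


def active_content(page: str) -> list[str]:
    """Tokenize a rendered page as a browser would and list executable content."""
    finder = _ActiveContentFinder()
    finder.feed(page)
    finder.close()
    return finder.findings


if __name__ == "__main__":
    for payload in (SCRIPT_PAYLOAD, ATTRIBUTE_PAYLOAD, BENIGN_INPUT):
        print("input:     ", payload)
        print("vulnerable:", active_content(render_vulnerable(payload)) or "nothing executable")
        print("hardened:  ", active_content(render_hardened(payload)) or "nothing executable")
```

The attribute payload is the reason encoding must be context-aware: it contains no angle brackets at all, so a filter that only strips `<script>` tags would pass it, yet in the unescaped render it adds an `onfocus` handler to the input element. Encoding at output time, per context, is the fix; input filtering alone is not.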
Prerequisites
- Network access to the Anybus-CompactCom 30 web interface (typically port 80/443)
- No credentials required
- User interaction required: a user must view the page carrying the injected content in a browser for the script to run
Tags: remotely exploitable · no authentication required · low complexity · no patch available · affects gateway/communication devices
Exploitability
Low exploit probability (EPSS 0.6%)
Affected products (1)
Product                 Affected Versions           Fix Status
Anybus-CompactCom 30    All versions (vers:all/*)   No fix (EOL)
Remediation & Mitigation
Do now
HARDENING   Add password protection to all webpages served by the Anybus-CompactCom 30 module
WORKAROUND  Disable the webserver in the Anybus-CompactCom 30 if not needed
HARDENING   Isolate Anybus-CompactCom 30 devices on a secure network segment; block external access via firewall rules
HARDENING   Do not expose Anybus-CompactCom 30 directly to the internet or corporate network; restrict to local industrial network only
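A way to verify the isolation items above once the firewall rules are in place, added here as an example and not a tool from HMS or CISA: run the script from the corporate network (or any segment that should not reach the modules) against the module addresses, and any web port it reports as reachable is a segmentation gap. The module addresses are passed on the command line; the port list follows the prerequisites above and the loopback self-test uses a throwaway listener constructed for the example.

```python
import socket
import sys
from concurrent.futures import ThreadPoolExecutor

# Ports the module's web interface is typically served on (per the advisory's
# prerequisites). Adjust if your deployment uses other ports.
WEB_PORTS = (80, 443)


def tcp_reachable(host: str, port: int, timeout: float = 2.0) -> bool:
    """True if a TCP connection to host:port completes within timeout.

    Connection refused, filtered (timeout) and name-resolution failure all
    count as not reachable, which is the desired state from outside the
    industrial segment.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def exposed_interfaces(hosts, ports=WEB_PORTS, timeout: float = 2.0):
    """Return the (host, port) pairs that accept connections from this vantage point."""
    targets = [(host, port) for host in hosts for port in ports]
    if not targets:
        return []
    with ThreadPoolExecutor(max_workers=min(32, len(targets))) as pool:
        reachable = list(pool.map(lambda t: tcp_reachable(*t, timeout=timeout), targets))
    return [target for target, ok in zip(targets, reachable) if ok]


def loopback_self_test() -> bool:
    """Sanity check: a throwaway listener on 127.0.0.1 must be reported as exposed."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        listener.bind(("127.0.0.1", 0))
        listener.listen(1)
        port = listener.getsockname()[1]
        return exposed_interfaces(["127.0.0.1"], ports=(port,), timeout=1.0) == [("127.0.0.1", port)]
    finally:
        listener.close()


if __name__ == "__main__":
    # Usage: python check_exposure.py 192.0.2.10 192.0.2.11 ...
    # Exit status 1 when anything is reachable, so the check can gate a change.
    modules = sys.argv[1:]
    if not modules:
        sys.exit("usage: check_exposure.py <gateway-ip> [<gateway-ip> ...]")
    found = exposed_interfaces(modules)
    for host, port in found:
        print(f"EXPOSED {host}:{port}")
    print(f"{len(found)} exposed web interface(s) across {len(modules)} module(s) checked")
    sys.exit(1 if found else 0)
```

A module that answers on 80 or 443 from the corporate side is reachable by the same path an attacker would use for the injection step; the script reports the fact, and the firewall rule or segment move is the fix. Run it again after the change, and schedule it so that a later rule edit that reopens the path is caught.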
Schedule — requires maintenance window
Replacing the module requires a maintenance window and a process interruption; no patch exists for the Anybus-CompactCom 30, so there is nothing to apply in place
HOTFIX      Replace Anybus-CompactCom 30 with Anybus-CompactCom 40 module
CVEs (1)