Millbeck Communications Proroute H685t-w
Plan Patch | CVSS 8.8 | ICS-CERT ICSA-24-261-02 | Sep 17, 2024
Attack path
Attack Vector: Network
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary
The Proroute H685t-w router contains command injection vulnerabilities (CWE-77, CWE-79) that allow authenticated users to execute arbitrary operating system commands. Successful exploitation could give an attacker full control of the device's OS and network functions.
What this means
What could happen
An attacker with network access and valid credentials could run arbitrary commands on the H685t-w router, potentially disrupting network connectivity or altering its configuration in ways that affect plant operations.
Who's at risk
Water utilities, municipalities, and facilities using the Millbeck Proroute H685t-w router for network connectivity and remote access should be concerned. This device often sits at the boundary between operational networks and external communications, making it a potential pivot point for attacks.
How it could be exploited
An attacker would need valid login credentials to access the device's web interface or management console. Once authenticated, they could inject commands that the device executes with OS-level privileges, allowing them to modify device behavior or monitor traffic.
Prerequisites
- Valid administrative or user credentials for the H685t-w device
- Network access to the device's management interface (typically HTTP/HTTPS or SSH port)
- Remotely exploitable
- Requires valid credentials (medium barrier)
- Low attack complexity
- No public exploitation reported yet
Exploitability
Unlikely to be exploited — EPSS score 0.6%
Affected products (1)
Product: Proroute H685t-w: 3.2.334
Affected Versions: 3.2.334
Fix Status: 3.2.335 or higher
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to the H685t-w management interface to authorized personnel only using firewall rules or VPN
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Update Proroute H685t-w firmware to version 3.2.335 or higher
Long-term hardening
HARDENING: Disable or limit remote administrative access to the device unless operationally necessary
HARDENING: Place the H685t-w behind your network perimeter firewall and isolate it from direct internet exposure
CVEs (2)