Tibbo AggreGate Network Manager
Plan Patch | CVSS 8.8 | ICS-CERT ICSA-24-354-05 | Dec 19, 2024
Attack path
Attack Vector: Network
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary
Tibbo Aggregate Network Manager versions 6.34.02 and earlier contain an arbitrary file upload vulnerability (CWE-434) in the web management interface. An authenticated attacker could upload malicious files that are processed by the application, leading to arbitrary code execution on the device. Successful exploitation requires valid user credentials and network access to the management interface. Tibbo has released patches in versions 6.40.02 and 6.34.03 that address this vulnerability.
What this means
What could happen
An attacker with network access and valid credentials could upload malicious files to the Aggregate Network Manager, leading to arbitrary code execution on the device and potentially allowing them to alter device configuration or disrupt network monitoring and management functions.
Who's at risk
Organizations running Tibbo Aggregate Network Manager for remote device management and monitoring. This primarily affects facility managers, system integrators, and network operations teams managing distributed control systems, remote devices, or multi-site infrastructure. Any organization with versions 6.34.02 or earlier is affected.
How it could be exploited
An attacker with valid network credentials accesses the Network Manager's file upload functionality. They upload a specially crafted file that the application processes without proper validation, allowing arbitrary code execution with the privileges of the application. This could give the attacker control over the device's operations and configuration.
Prerequisites
- Network access to the Aggregate Network Manager (typically port 80/443 or configured management port)
- Valid user credentials for authentication to the management interface
- Knowledge of the file upload functionality in the web interface
Tags: remotely exploitable, requires valid credentials, medium complexity exploit, allows code execution on management device
Exploitability
Unlikely to be exploited — EPSS score 0.3%
Affected products (1)
Product | Affected Versions | Fix Status
Aggregate Network Manager | ≤ 6.34.02 | 6.40.02, 6.34.03
Remediation & Mitigation
Do now
- WORKAROUND: Restrict network access to the Aggregate Network Manager management interface to authorized administrative workstations only using firewall rules
- HARDENING: Enforce strong unique credentials for all management interface user accounts
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Update Aggregate Network Manager to version 6.40.02, 6.34.03, or latest version
Long-term hardening
- HARDENING: Place the Aggregate Network Manager on a separate management network, isolated from production OT networks and the business network
CVEs (1)
API:
/api/v1/advisories/33f2f064-e691-41cd-bf68-863b3da21454