OTPulse

ORing IAP-420

Act Now | CVSS 9.6 | ICS-CERT ICSA-25-044-15 | Feb 13, 2025
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

The ORing IAP-420 contains command injection vulnerabilities (CWE-79, CWE-77) in the management interface that allow an attacker to invoke commands and compromise the device. The vulnerabilities require network access to the management interface and may require user interaction. All versions up to and including 2.01e are affected. ORing is aware and working on a fix, but no patch has been released to date.

What this means
What could happen
An attacker can invoke arbitrary commands on the IAP-420 management interface to compromise the device. This could allow remote takeover of the appliance's configuration, traffic routing, or network access control functions that support critical infrastructure operations.
Who's at risk
Organizations running ORing IAP-420 industrial access points should care about this vulnerability. The IAP-420 is commonly used in utility and critical infrastructure networks to manage network access and routing for control system devices. Compromise could affect plant-wide network availability and allow lateral movement to PLCs, switches, and other control equipment.
How it could be exploited
An attacker sends a specially crafted request to the management interface (likely HTTP/HTTPS) that exploits command injection or template injection vulnerabilities. The attacker does not need valid credentials. If the attacker can reach the management port from the network, they can execute commands with the privileges of the management service.
Prerequisites
  • Network access to the IAP-420 management interface (port likely 80/443 or similar)
  • No authentication required
  • User interaction may be required (CVSS indicates UI:R), such as clicking a link or visiting a malicious page
Remotely exploitable · No authentication required · Low complexity attack · High EPSS score (27.2%) · No patch available · User interaction required
Exploitability
High exploit probability (EPSS 27.2%)
Affected products (1)
Product | Affected Versions | Fix Status
IAP-420: <=2.01e | ≤ 2.01e | No fix (EOL)
Remediation & Mitigation
Do now
HARDENING: Restrict network access to the IAP-420 management interface using firewall rules. Allow management access only from trusted engineering workstations or VPN endpoints.
HARDENING: Move the IAP-420 behind a firewall and isolate it from the business network and the internet. Do not expose the management interface to the internet.
HARDENING: If remote management is required, use a VPN connection and ensure the VPN is kept updated to the latest version.
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Contact ORing directly for information on when a patch will be available and subscribe to vendor security updates.
Mitigations - no patch available
IAP-420: <=2.01e has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Monitor for indicators of compromise on the IAP-420, such as unexpected configuration changes or command execution logs.
API: /api/v1/advisories/a99ca378-bd20-4976-8071-6dd46ad2c571