ORing IAP-420

Act Now | CVSS 9.6 | ICS-CERT ICSA-25-044-15 | Feb 13, 2025
Attack path
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

ORing IAP-420 devices (version 2.01e and earlier) contain command injection and code execution vulnerabilities in the management interface that could allow an attacker to invoke arbitrary commands and compromise the device. These vulnerabilities require network access to the management interface and in some cases user interaction. ORing is aware and working to produce a fix, but no patch is currently available. The vendor recommends defensive measures including network isolation, firewall protection, and secure remote access methods.

What this means
What could happen
An attacker could invoke arbitrary commands on the IAP-420 management interface, potentially compromising the device and altering its configuration or control logic. This could disrupt network operations or allow lateral movement into connected industrial networks.
Who's at risk
Organizations operating ORing IAP-420 network appliances should be concerned, particularly those providing remote access or exposed management interfaces. The IAP-420 is commonly used in industrial and networked environments as a managed PoE switch or industrial access point; compromise could affect network availability and enable lateral movement into connected industrial control systems.
How it could be exploited
An attacker with network access to the management interface could exploit command injection or code execution vulnerabilities (CWE-79, CWE-77) through crafted inputs. User interaction (such as clicking a malicious link) may be required to trigger exploitation. Once compromised, the attacker gains command execution capability on the device.
Prerequisites
  • Network access to the IAP-420 management interface
  • In some attack scenarios, user interaction is required (e.g., clicking a malicious link)
remotely exploitable | no authentication required | low complexity | high EPSS score (27.2%) | no patch available | actively being developed by vendor but not yet released
Exploitability
Likely to be exploited — EPSS score 27.2%
Affected products (1)
Product | Affected Versions | Fix Status
IAP-420: <=2.01e | ≤ 2.01e | No fix (EOL)
Remediation & Mitigation
Do now
HARDENING: Restrict network access to the IAP-420 management interface; isolate the device from the business network and locate it behind a firewall
HARDENING: Implement network segmentation to prevent unauthorized access to the management interface from untrusted networks
WORKAROUND: If remote access to the management interface is required, use a VPN with current security updates to encrypt and authenticate connections
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HARDENING: Monitor for suspicious commands or configuration changes on the IAP-420 and report findings to CISA if malicious activity is suspected
HOTFIX: Contact ORing directly for information on patch availability and timeline, as the vendor is working on a fix
API: /api/v1/advisories/a99ca378-bd20-4976-8071-6dd46ad2c571
