OTPulse
FeedAboutContact

ICSMA-17-082-01_BD Kiestra PerformA and KLA Journal Service Applications Hard-Coded Passwords Vulnerability

Monitor7.3ICS-CERT ICSMA-17-082-01Mar 23, 2017
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary

BD Kiestra PerformA and KLA Journal Service applications contain hard-coded passwords that allow unauthenticated users to log in remotely. PerformA is used for automated laboratory plate processing and incubation; KLA Journal Service is used for data logging in manufacturing and quality control environments. Successful authentication grants access to sensitive data and the ability to modify system settings and operational parameters.

What this means
What could happen
An attacker with network access could log in to PerformA or KLA Journal Service using hard-coded credentials, gaining the ability to read sensitive data, modify system settings, or disrupt laboratory or manufacturing operations.
Who's at risk
This affects laboratory and pharmaceutical manufacturing facilities, quality control operations, and any organization running BD Kiestra PerformA (plate processing automation) or KLA Journal Service (data logging). Specifically, laboratory automation systems and manufacturing quality assurance equipment operators should care about this issue.
How it could be exploited
An attacker scans for PerformA or KLA Journal Service interfaces on the network, identifies open service ports, and logs in using publicly known hard-coded credentials embedded in the application. Once authenticated, the attacker can access protected functions and data.
Prerequisites
  • Network access to PerformA or KLA Journal Service application ports
  • Service must be accessible from the attacker's location (typically HTTP/HTTPS or proprietary ports)
  • Knowledge of the hard-coded credential usernames and passwords
remotely exploitableno authentication required (hard-coded)low complexityno patch availableaffects critical automation systems
Exploitability
Low exploit probability (EPSS 0.5%)
Affected products (2)
2 EOL
ProductAffected VersionsFix Status
PerformA:≤ 2.0.14.0No fix (EOL)
KLA Journal Service:≤ 1.0.51No fix (EOL)
Remediation & Mitigation
0/4
Do now
0/2
WORKAROUNDDisable or restrict network access to PerformA and KLA Journal Service using firewall rules, allowing only trusted engineering and operational staff workstations
WORKAROUNDChange hard-coded credentials if the application provides a user account management interface to set custom passwords
Mitigations - no patch available
0/2
The following products have reached End of Life with no planned fix: PerformA:, KLA Journal Service:. Apply the following compensating controls:
HARDENINGImplement network segmentation to isolate PerformA and KLA Journal Service on a dedicated VLAN with strict ingress/egress controls
HARDENINGMonitor network traffic to these services for unauthorized access attempts and failed authentication events
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/038ffd73-64d9-487c-8027-9b7959bbd396
ICSMA-17-082-01_BD Kiestra PerformA and KLA Journal Service Applications Hard-Coded Passwords Vulnerability | CVSS 7.3 - OTPulse