CVE-2017-6049

Vulnerability

The Detcon SiteWatch Gateway, all non-cellular versions, suffers from improper authentication and plaintext storage of passwords. An unauthenticated attacker can modify device settings by sending a specially crafted URL to the device's web interface [1]. No special configuration is required for the vulnerable code path to be reachable.

Exploitation

An attacker with network access to the affected gateway can send a crafted HTTP request directly to the device. No authentication or user interaction is needed. The low skill level required means basic understanding of HTTP requests is sufficient to manipulate settings [1].

Impact

Successful exploitation allows the attacker to change device settings, retrieve stored user passwords (due to plaintext storage), and potentially achieve remote code execution on the gateway [1]. This could lead to full compromise of the device and enable further attacks on the connected industrial control network.

Mitigation

Detcon has discontinued the SiteWatch Gateway and will not release a firmware patch [1]. Affected users should minimize network exposure by placing the gateway behind a firewall and avoiding direct Internet connectivity. If remote access is necessary, use a VPN. Organizations should consider replacing the device with a supported alternative. ICS-CERT provides additional defense-in-depth guidance [1].