Janitza Power Analyzers are Found to be Vulnerable

Good Evening Everyone !

Janitza Electronics is a Germany-based company that specializes in the development of energy efficiency systems. Several vulnerabilities were recently found in its power quality measurement products.

Researchers at ICS security firm Applied Risk identified flaws that affect Janitza’s UMG 508, UMG 509, UMG 511, UMG 512, UMG 604, and UMG 605 power analyzers. According to ICS-CERT, these products are deployed in the energy sector in Europe, the Americas and Asia.

The researchers discovered the existence of an undocumented default password that protects an FTP interface and a web service on the affected devices (CVE-2015-3968). Logging in with this password allows arbitrary files to be uploaded and downloaded.

Another identified flaw was a remote debug interface on TCP port 1239 that can be used to read and write files and execute JASIC code (CVE-2015-3971). This is a serious vulnerability, the experts said, since the debug interface does not require any authentication and the list of files that can be accessed includes one that contains the admin password in plain text.

In an advisory, they explained: “By leveraging the built-in JASIC script language an attacker can adjust system parameters, manipulate measurement values and change the function of the device, compromising availability, integrity and confidentiality of the device itself and dependent systems.”

Moreover, the UMG web interface is not protected by a password by default (CVE-2015-3972). Users can set a short PIN, but there are no mechanisms to prevent a brute-force attack, and the session tokens used by this interface can be used to crack the user PIN. An authentication bypass bug, a persistent cross-site scripting (XSS) flaw, and a vulnerability that can be exploited to obtain network session information were also discovered.

The tests that identified the vulnerabilities were conducted on a UMG 604 power analyzer running firmware version r4051 build 244, but the researchers confirmed that the other models are affected as well, probably because they share the same codebase.

ICS-CERT’s advisory describing the vulnerabilities states that the vendor released firmware updates (r4061 build 269) and new documentation to mitigate the issues but all flaws have been effectively fixed.

“Besides upgrading to the latest firmware version it is recommended to shield the device from any publicly accessible networks by implementing proper network segregation and by filtering the exposed network services using a network firewall. Devices should be managed from a well secured management PC only, whilst not having any active web browser sessions with untrusted web sites.”
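Two of the points above lend themselves to a monitoring check on the defender's side: the unprotected web interface with a short, brute-forceable PIN, and the recommendation to manage the device only from a dedicated management PC. The following is an added example (not code from Janitza, Applied Risk or ICS-CERT) that scans constructed web-access log lines for clusters of failed PIN logins per source and for any access from outside an assumed management subnet; the log format, the `/login` path, the `10.0.0.0/24` management network and the thresholds are all assumptions.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample access log (assumed combined-log-like format, not real device output).
SAMPLE_LOG = """\
10.0.0.5 - - [21/Aug/2015:10:00:01 +0000] "POST /login HTTP/1.1" 401 0
10.0.0.5 - - [21/Aug/2015:10:00:02 +0000] "POST /login HTTP/1.1" 401 0
10.0.0.5 - - [21/Aug/2015:10:00:03 +0000] "POST /login HTTP/1.1" 401 0
10.0.0.5 - - [21/Aug/2015:10:00:04 +0000] "POST /login HTTP/1.1" 401 0
10.0.0.5 - - [21/Aug/2015:10:00:05 +0000] "POST /login HTTP/1.1" 401 0
10.0.0.5 - - [21/Aug/2015:10:00:06 +0000] "POST /login HTTP/1.1" 200 512
10.0.0.7 - - [21/Aug/2015:10:05:00 +0000] "POST /login HTTP/1.1" 401 0
10.0.0.7 - - [21/Aug/2015:10:07:30 +0000] "POST /login HTTP/1.1" 401 0
192.168.50.9 - - [21/Aug/2015:11:00:00 +0000] "GET /index.html HTTP/1.1" 200 2048
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse(line):
    """Return (ip, timestamp, method, path, status) or None for unparseable lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, ts, method, path, status = m.groups()
    return ip, datetime.strptime(ts, TS_FMT), method, path, int(status)


def failed_pin_attempts(log_text, window=timedelta(seconds=60), threshold=5, login_path="/login"):
    """Map source IP -> max number of failed logins seen within any `window`, for IPs at/above threshold."""
    failures = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse(line)
        if rec and rec[2] == "POST" and rec[3] == login_path and rec[4] in (401, 403):
            failures[rec[0]].append(rec[1])
    alerts = {}
    for ip, times in failures.items():
        times.sort()
        start, best = 0, 0
        for end in range(len(times)):           # sliding window over sorted timestamps
            while times[end] - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            alerts[ip] = best
    return alerts


def sources_outside_management(log_text, mgmt_net="10.0.0.0/24"):
    """Set of source IPs that touched the web interface from outside the assumed management subnet."""
    net = ipaddress.ip_network(mgmt_net)
    return {rec[0] for rec in map(parse, log_text.splitlines())
            if rec and ipaddress.ip_address(rec[0]) not in net}
```

Run against the constructed log, `failed_pin_attempts` flags `10.0.0.5` (five failures in under a minute, the 200 that follows is not counted) while `10.0.0.7` stays below the threshold, and `sources_outside_management` reports `192.168.50.9`.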


Source: Akati
