Vulnerability in Update Process of StationScout and StationGuard
-----------------------------------------------------------------
Security Advisory ID: OSA-5
Release Date: 2023-03-20
Revision: 1.0
OMICRON Product Security Team | security@omicronenergy.com

Summary
-----------------------------------------------------------------
A vulnerability has been identified in the firmware update process that allows a remote attacker to gain full control of the system. This can be achieved by utilizing a specially crafted firmware update file, which can inject malicious code and grant the attacker complete control over the targeted device.

Affected OMICRON Products
-----------------------------------------------------------------
This vulnerability affects the following OMICRON product(s):

Products          Affected versions
> StationGuard    2.20 and earlier on all platforms
> StationScout    2.20 and earlier on all platforms

Vulnerability Classification
-----------------------------------------------------------------
> CVE-2023-28610
> Base Score    10
> Risk Class    Critical
> Vector        CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Security Advisory
-----------------------------------------------------------------
Mitigation: OMICRON has released StationGuard 2.21 and StationScout 2.21 which address the issue and fix the vulnerability. It is strongly recommended that customers currently using the affected versions install the latest update available on the customer portal (registration required) as soon as possible to ensure the security of their system.

More information about StationGuard and StationScout, including the link to download them, can be found on https://www.omicronenergy.com/en/products/stationguard/ and https://www.omicronenergy.com/en/products/stationscout/

Acknowledgments
-----------------------------------------------------------------
OpenSource Security GmbH