Incorrect Authorization Vulnerability in StationScout and StationGuard
------------------------------------------------------------------------

Security Advisory ID: OSA-6
Release Date: 2023-11-21
Revision: 1.1
OMICRON Product Security Team | security@omicronenergy.com

Summary
------------------------------------------------------------------------
An incorrect authorization vulnerability has been discovered in StationGuard versions 1.10.0056 through 2.20.0080 and StationScout versions 1.30.0040 through 2.20.0063 that allows a remote attacker to gain unintended access to sensitive information, execute unauthorized actions, or modify data.

Affected OMICRON Products
------------------------------------------------------------------------
This vulnerability affects the following OMICRON product(s):

> StationGuard Image 1.10.0056 on all platforms
> StationGuard Image 2.00.0068 on all platforms
> StationGuard Image 2.10.0073 on all platforms
> StationGuard Image 2.20.0080 on all platforms
> StationScout Image 1.30.0040 on all platforms
> StationScout Image 2.00.0056 on all platforms
> StationScout Image 2.10.0059 on all platforms
> StationScout Image 2.20.0063 on all platforms

Vulnerability Classification
------------------------------------------------------------------------
> CVE-2023-28611
> CWE-863: Incorrect Authorization
> Base Score: 10
> Risk Class: Critical
> Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Security Advisory
------------------------------------------------------------------------
Mitigation:
OMICRON has released StationGuard device image version 2.21.0081 and StationScout device image version 2.21.0064 which address the issue and fix the vulnerability. It is strongly recommended that customers currently using the affected versions install the latest update available on the customer portal (registration required) as soon as possible to ensure the security of their system.

More information about StationGuard and StationScout, including the link to download them, can be found on https://www.omicronenergy.com/en/products/stationguard/ and https://www.omicronenergy.com/en/products/stationscout/

Acknowledgments
------------------------------------------------------------------------
Hendrik Schwartke (OpenSource Security GmbH)
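
An inventory check for the mitigation above, as an added example that is not part of OMICRON's advisory: it classifies device image versions against the affected ranges and fixed releases stated here. The `host,product,version` inventory format, the sample rows, and the numeric field-by-field version comparison are assumptions.

```python
import re

# Affected ranges and fixed releases exactly as stated in advisory OSA-6.
ADVISORY = {
    "StationGuard": ("1.10.0056", "2.20.0080", "2.21.0081"),
    "StationScout": ("1.30.0040", "2.20.0063", "2.21.0064"),
}
VERSION_RE = re.compile(r"^\d+\.\d+\.\d+$")


def parse_version(text):
    """Turn '2.20.0080' into (2, 20, 80). Assumption: fields compare numerically."""
    text = text.strip()
    if not VERSION_RE.match(text):
        raise ValueError(f"unrecognised image version: {text!r}")
    return tuple(int(part) for part in text.split("."))


def classify(product, version):
    """Return AFFECTED, FIXED, BELOW_RANGE, REVIEW or UNKNOWN for one image."""
    entry = ADVISORY.get(product.strip())
    if entry is None:
        return "UNKNOWN"                      # product not covered by OSA-6
    try:
        v = parse_version(version)
    except ValueError:
        return "UNKNOWN"                      # version must be confirmed by hand
    first, last, fixed = (parse_version(x) for x in entry)
    if v >= fixed:
        return "FIXED"
    if v < first:
        return "BELOW_RANGE"                  # older than the stated range
    if v <= last:
        return "AFFECTED"
    return "REVIEW"                           # between last affected and fixed


def triage(inventory_csv):
    """Classify every 'host,product,version' row of a hypothetical inventory."""
    results = []
    for line in inventory_csv.strip().splitlines():
        fields = [f.strip() for f in line.split(",")]
        if len(fields) != 3:
            results.append((line.strip(), "UNKNOWN"))
            continue
        host, product, version = fields
        results.append((host, classify(product, version)))
    return results


# Constructed sample inventory; hostnames and the last two versions are made up.
SAMPLE = """sub-a-ids,StationGuard,2.10.0073
sub-b-ids,StationGuard,2.21.0081
sub-c-scout,StationScout,2.20.0063
sub-d-scout,StationScout,1.20.0030
sub-e-ids,StationGuard,unknown"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE):
        print(f"{host:12} {status}")
```

Rows reported as BELOW_RANGE, REVIEW or UNKNOWN fall outside what the advisory states and need a manual check rather than an assumption of safety.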