-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Denial-of-Service Vulnerability in StationGuard 1.0 ----------------------------------------------------------------- Security Advisory ID: OSA-1 Release Date: 2021-04-16 Revision: 1.0 OMICRON Product Security Team | security@omicronenergy.com Summary ----------------------------------------------------------------- The client interface of StationGuard version 1.0 is affected by a vulnerability in a 3rd party component that may allow a remote attacker to cause a denial-of-service of the device. Multiple specially crafted TCP packets sent to port 20499 of the device can lead to a denial-of-service situation, so that StationGuard clients cannot connect to the device anymore. This vulnerability only affects the CTRL Ethernet port of the device. The other Ethernet interfaces (STATION) are not affected. The intrusion detection engine is not affected, alerts are continued to be logged and stored. Running Syslog (SIEM) connections are not affected, alerts are continued to be sent out. OMICRON has released a new software version of StationGuard version 1.10 in November 2020 that remediates this vulnerability. Affected OMICRON Products ----------------------------------------------------------------- > StationGuard 1.0 Vulnerability Classification ----------------------------------------------------------------- > Base Score: 7.5 > Risk Class: High > Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H > CVE-2021-30464 > CWE-400: Uncontrolled Resource Consumption Security Advisory ----------------------------------------------------------------- Mitigation: OMICRON has released a new software version of StationGuard version 1.10 in November 2020 that remediates this vulnerability. Customers that are using the affected StationGuard version are recommended to install the latest update that is available in the customer portal (registration required). More information about StationGuard, including the link to the customer portal can be found on https://www.omicronenergy.com/en/products/stationguard/ Workaround: Always use the latest version of StationGuard. Furthermore, it is recommended to protect the TCP port 20499 against unauthorized access via firewall rules and/or VPN solutions. Acknowledgments ----------------------------------------------------------------- This vulnerability has been discovered during a penetration test by our internal penetration testing and security analysis team. A related third-party vulnerability was reported and patched as a result of a coordinated disclosure. -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEkPJvkWGGIuqv8Qag8BT0uMcuyBgFAmB4KEIACgkQ8BT0uMcu yBh9PhAAvlBSGCTWGphk5FxTIAF3olBrbyIbIrW0egc5pbTWEgCTZXrL8Hh2nVwA uYUARTBoZwkf6a/EHOTApjo1IMMfq5NeiuSZb6X14R8s/hDHLLCmExcJSx4ghf5y QtPuRDGbZvPbO5lC0sWW45QH9OZ4YME7EkdxSxMBrRG/z4+Vw0uU8TFCXyAvKoBP OEBOY4Re0D4l1+Yt3YrHHpUpk3kl/63tnGeCYVB75kbGDyBdB2N131v46F0iRZO0 mclUi/rwV3GZyLJD+Xum8gKf3i3zgvgpsCAAqYR/RvR7VLLiGtVDguDFN4hF/h7f 0w5MYOoeJAT8rKytc30p3KA1tKOMEdXEZ3k8D9q0d4aGp3tECCngPcRMcEF01NqP A+Jmo+wJazqpaGMgyba5xu8h3GBpfY3ojD7UQyjcGMQblnR49V+AS4c96W3z2jX3 ZQLmKa0TzPf0zF/hij0bXeeu+vY6AgLTJzGJTx6TR2bt1VBcybZZYUGnzGN1BCmg I0tHNCUCoU52pgvFlVyd0hR01TVvAmrKTNYfyS5peiYFyARKX9LYDkdPxZWVySl+ e5Adb/uclFBumCwLZuLZVwD7oz0usP+/bCqvOEmbrujIifNd3ot9Hsmv2m9olVYl eA6b/wQJEIMB+6KOf1xhU6UDMVQG+q13qsVtV5apIJqhZElBfWw= =l9se -----END PGP SIGNATURE-----