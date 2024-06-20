PoC Exploit for Vulnerability in RAD SecFlow-2 Industrial Switch

erek

erek

[H]F Junkie
Joined
Dec 19, 2005
Messages
11,723
Bad

1718860308878.png


"The flaw has been assigned the identifier CVE-2019-6268, but no information appears to have been publicly available until early March 2024, when someone released technical details and a PoC on the Packet Storm website.

“RAD SecFlow-2 devices with hardware 0202, firmware 4.1.01.63, and U-Boot 2010.12 allow URIs beginning with /.. for directory traversal, as demonstrated by reading /etc / shadow,” reads the description posted on Packet Storm for CVE-2019-6268.

It adds, “[An] unauthorized attacker can create a crafted request to obtain any file from the operating system (password hashes).”

Vulnerabilities related to the exposure of passwords can pose a significant risk to ICS and other OT systems. SecurityWeek recently spoke to multiple experts about the prevalence of such flaws and their potential impact.

CISA informed RAD about the vulnerability after finding the PoC, but the SecFlow-2 product has reached end of life (EOL) and the vendor has advised customers to upgrade their devices to the newer SecFlow-1p industrial IoT gateway.

In addition, the cybersecurity agency has provided some general recommendations to reduce the risk of malicious exploitation."

Source: https://www.securityweek.com/cisa-i...erability-in-rad-secflow-2-industrial-switch/
 
Perhaps post less security faults in news, it hapens all the time and we don't need a update every time something is exploited or data is sold.

Specifically in this post, who cares? A security flaw was found in a specific bit of obsolete hardware. Seems nearly irrelevant and far from news

I do generally appreciate most of your posts, the focus on security stuff and just posting many exploits seems excessive, hardly worthy of discussion.
 
  • Like
Reactions: erek
like this
cdabc123 said:
Perhaps post less security faults in news, it hapens all the time and we don't need a update every time something is exploited or data is sold.

Specifically in this post, who cares? A security flaw was found in a specific bit of obsolete hardware. Seems nearly irrelevant and far from news

I do generally appreciate most of your posts, the focus on security stuff and just posting many exploits seems excessive, hardly worthy of discussion.
Click to expand...
You’re right and I’ve just been thinking about that

Worried that it’s raising blood pressures too

:(
 
cdabc123 said:
Perhaps post less security faults in news, it hapens all the time and we don't need a update every time something is exploited or data is sold.

Specifically in this post, who cares? A security flaw was found in a specific bit of obsolete hardware. Seems nearly irrelevant and far from news

I do generally appreciate most of your posts, the focus on security stuff and just posting many exploits seems excessive, hardly worthy of discussion.
Click to expand...
Obsolete sure, but attached to millions of IoT devices that cost millions of dollars each and aren’t scheduled to be replaced for decades also yes…
 
You must log in or register to reply here.
Back
Top