Home / Early Warning / Ics Advisories / 4CCT vulnerable to a denial of service attack

4CCT vulnerable to a denial of service attack

Publication date: 
01/28/2021
Importance: 
4 - Alta
Affected resources: 

4CCT-EA6-334126BF, firmware version 3.23.80.27.36371.

Description: 

INCIBE has coordinated the publication of a vulnerability in the ZIV 4CCT device, with the internal code INCIBE-2021-0039, which has been discovered by the Industrial Cybersecurity team of S21Sec, special mention to Aarón Flecha Menéndez.

CVE-2021-25909 has been assigned to this vulnerability. A CVSS v3 base score of 8.6 has been calculated; the CVSS vector string is AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H.

Solution: 

Update to firmware version 3.23.80.58.46120.

This situation can also be overcome by installing the device in a bandwidth limited network with access privileges requirements.

Detail: 

4CCT device from ZIV Automation is vulnerable to a Denial of Service attack through port 7919.

The exploitation of this vulnerability might allow a remote attacker to cause a disruption in the operation of the device by sending specific packets to the port 7919.

Once the attack is finished, the device gradually recovers its normal operation.

CWE-400: Uncontrolled Resource Consumption.

Timeline

10/03/2020 – Researchers disclosure.
25/05/2020 – Researchers contact with INCIBE.
03/07/2020 – Vendor confirms the vulnerability to INCIBE.
21/12/2020 – ZIV confirms that the fix version and the release software patch have been published (Security Patch/new version).
28/01/2021 – The advisory is published by INCIBE.

If you have any information regarding this advisory, please contact INCIBE as indicated in the CNA disclosure policy.

Encuesta valoración