CVSS2: 10 High
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
AI Score: 6.6 Medium (Confidence: Low)
EPSS: 0.004 Low (Percentile: 72.3%)
This updated advisory is a follow-up to the original advisory titled ICSA-13-038-01—360 Systems Image Server 2000 Series Remote Root Access that was published March 06, 2013, on the ICS-CERT Web site. This advisory provides mitigation details for a vulnerability that impacts the 360 Systems’ Image Server 2000 series devices. Exploitation of this vulnerability could cause loss of integrity.
Independent researchers Neil Smith and Ryan Green have identified a hard-coded password vulnerability in 360 Systems’ Image Server 2000 series devices. 360 Systems has not released a patch, new version, or firmware upgrade to fix this issue, but recommends mitigating this vulnerability by removing the device from any public-facing networks. This vulnerability impacts the communications and emergency services sectors. This vulnerability could be exploited remotely.
The following 360 Systems product versions are affected:
360 Systems is a US-based company that sells products in many countries around the world, including Asia, Latin America, Africa, and North America.
The affected products are video servers used in broadcasting and emergency services. According to 360 Systems, the Image Server 2000 series devices are deployed in local and network broadcast stations. 360 Systems estimates that over 3,000 broadcasters use these systems.
The 360 Systems image server series contains a root user account that is installed by default at the factory and set with a hardcoded password. An attacker can log in to the device through Port 22/TCP as the root user with the hardcoded password, gaining root privileges. The user cannot change this password, nor can the root user account be removed.
[CVE-2012-4702](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4702>) has been assigned to this vulnerability. A CVSS v2 base score of 10.0 has been assigned; the CVSS vector string is (AV:N/AC:L/Au:N/C:C/I:C/A:C).
This vulnerability could be exploited remotely.
No known public exploits specifically target this vulnerability.
An attacker with low skill would be able to exploit this vulnerability.
360 Systems has not produced a patch, new version, or firmware upgrade that removes the hardcoded password or root user account. The vendor recommends that these devices be placed on closed, nonpublic-facing networks. The vendor further recommends the use of properly configured firewalls to restrict access to only necessary ports and the use of Virtual Private Networks if access is required. For more information on proper setup of this device, users may contact 360 Systems’ customer service department.
The operations manuals for each of these devices state:
The server is designed to be used in a private dedicated video network. A firewall must be used in systems that require internal security or connection to public networks. Consult with a network security specialist for guidance on the best hardware, programming and practices for your facility’s requirements.
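An added example (not part of the advisory or of 360 Systems' documentation): because the root password cannot be changed, network filtering is the only available control, so one useful check is to review firewall flow records for accepted 22/TCP connections to the image servers from outside the management network. The device addresses, the allowed subnet and the record layout are assumptions, and the sample records are constructed.

```python
import ipaddress

# Assumptions (hypothetical, not from the advisory): device addresses, the
# management/VPN subnet allowed to reach SSH, and the flow-record layout.
IMAGE_SERVERS = {ipaddress.ip_address(a) for a in ("192.0.2.10", "192.0.2.11")}
ALLOWED_SOURCES = [ipaddress.ip_network("10.20.30.0/24")]

# Constructed sample records: time, src, dst, proto, dport, action
SAMPLE_FLOWS = """\
2013-03-06T10:00:01Z 10.20.30.5 192.0.2.10 tcp 22 accept
2013-03-06T10:02:17Z 203.0.113.77 192.0.2.10 tcp 22 accept
2013-03-06T10:02:40Z 203.0.113.77 192.0.2.11 tcp 22 drop
2013-03-06T10:05:09Z 198.51.100.4 192.0.2.11 tcp 22 accept
2013-03-06T10:06:30Z 198.51.100.4 192.0.2.10 tcp 80 accept
malformed line
"""

def find_ssh_exposure(flow_text):
    """Return (findings, skipped): accepted 22/TCP flows to an image server
    from a source outside ALLOWED_SOURCES, and the count of unparsable lines."""
    findings, skipped = [], 0
    for line in flow_text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            skipped += 1
            continue
        ts, src, dst, proto, dport, action = parts
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            port = int(dport)
        except ValueError:
            skipped += 1
            continue
        if dst_ip not in IMAGE_SERVERS or proto != "tcp" or port != 22:
            continue  # not SSH traffic to an affected device
        if action != "accept":
            continue  # the firewall already blocked this connection
        if any(src_ip in net for net in ALLOWED_SOURCES):
            continue  # expected management or VPN source
        findings.append((ts, src, dst))
    return findings, skipped

if __name__ == "__main__":
    hits, bad = find_ssh_exposure(SAMPLE_FLOWS)
    for ts, src, dst in hits:
        print(f"{ts} unexpected SSH to image server {dst} from {src}")
    print(f"{bad} line(s) skipped as unparsable")
```

Any finding means the firewall policy does not match the closed-network deployment the vendor recommends and should be treated as a possible root login to the device.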
ICS-CERT encourages asset owners to take additional defensive measures to protect against this and other cybersecurity risks.
ICS-CERT also provides a section for control systems security recommended practices on the ICS-CERT Web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Additional mitigation guidance and recommended practices are publicly available in the ICS-CERT Technical Information Paper, ICS-TIP-12-146-01B—Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.