CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS
Percentile: 54.5%
**ATTENTION:** Remotely exploitable/low skill level to exploit.
Vendor: Korenix
Equipment: JetNet
Vulnerabilities: Use of Hard-coded Cryptographic Key, Use of Hard-coded Credentials
The following versions of JetNet, an Ethernet switch, are affected:
Successful exploitation of these vulnerabilities could allow a remote attacker to gain remote access to the device to run arbitrary code and perform man-in-the-middle attacks.
Korenix has produced new firmware that removes the undocumented hard-coded credentials from supported systems. The new firmware is available for download at:
http://www.korenix.com/upload/doc/FW_JetNet5310G_V2.0.rar
Korenix recommends that affected users use the software support certificate replacement feature to change certificates on affected devices.
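A fleet check for the certificate replacement recommended above, as an added example that is not from Korenix or ICS-CERT: it fingerprints the certificate each switch presents and flags any fingerprint shared by more than one device or matching a known factory value. The addresses, the byte strings standing in for DER certificates, the TLS port and the `known_default` set are assumptions; the advisory does not publish a factory fingerprint.

```python
import hashlib
import ssl
from collections import defaultdict


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate."""
    return hashlib.sha256(der_cert).hexdigest()


def fetch_der(host: str, port: int) -> bytes:
    """Fetch the certificate a device presents on a TLS port (port is an assumption).

    No chain validation is done here: the certificate is inspected, not trusted.
    """
    pem = ssl.get_server_certificate((host, port))
    return ssl.PEM_cert_to_DER_cert(pem)


def audit(certs, known_default=()):
    """Return {fingerprint: [hosts]} for certificates that still need replacing.

    A certificate is flagged when more than one device presents it (a shared,
    image-embedded key pair) or when it matches a known factory fingerprint.
    """
    by_fp = defaultdict(list)
    for host, der in certs.items():
        by_fp[fingerprint(der)].append(host)
    return {
        fp: sorted(hosts)
        for fp, hosts in by_fp.items()
        if len(hosts) > 1 or fp in known_default
    }


# Constructed sample: byte strings stand in for DER certificates collected
# with fetch_der(); addresses are from the RFC 5737 documentation range.
SAMPLE = {
    "192.0.2.11": b"constructed factory certificate",
    "192.0.2.12": b"constructed factory certificate",
    "192.0.2.13": b"constructed site-issued certificate 13",
}

if __name__ == "__main__":
    for fp, hosts in audit(SAMPLE).items():
        print(f"replace certificate on {', '.join(hosts)} (sha256 {fp[:16]}...)")
```
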
Users can find customer support links for Korenix at: <http://www.korenix-usa.com/contact-us.php>
NCCIC/ICS-CERT recommends that users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:
ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
ICS-CERT also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Additional mitigation guidance and recommended practices are publicly available in the ICS-CERT Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT web site.
Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.
No known public exploits specifically target these vulnerabilities.
An attacker may gain access to hard-coded certificates and private keys allowing the attacker to perform man-in-the-middle attacks.
CVE-2017-14021 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
The software uses undocumented hard-coded credentials that may allow an attacker to gain remote access.
CVE-2017-14027 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Mandar Jadhav of the Qualys Vulnerability Signature/Research Team reported these vulnerabilities to ICS-CERT.
Critical Infrastructure Sectors: Commercial Facilities, Critical Manufacturing, and Transportation Systems
Countries/Areas Deployed: Worldwide
Company Headquarters Location: Walnut, California