PT-2015-3064 · Advantech · Eki-132X+2
Neil Smith
·
Published
2015-11-07
·
Updated
2015-11-09
·
CVE-2015-6476
CVSS v2.0
10
High
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Advantech EKI-122x-BE devices versions prior to 1.65
Advantech EKI-132x devices versions prior to 1.98
Advantech EKI-136x devices versions prior to 1.27
Description
The issue is related to hardcoded SSH keys in the affected devices, making it easier for remote attackers to obtain access via an SSH session. This allows a remote attacker to gain access to the device by establishing an SSH connection.
Recommendations
For Advantech EKI-122x-BE devices versions prior to 1.65, update the firmware to version 1.65 or later.
For Advantech EKI-132x devices versions prior to 1.98, update the firmware to version 1.98 or later.
For Advantech EKI-136x devices versions prior to 1.27, update the firmware to version 1.27 or later.
Fix
Using Hardcoded Credentials
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Eki-122X-Be
Eki-132X
Eki-136X