PT-2022-2807 · HID · HID Mercury Intelligent Controllers

Published: 2022-05-23 · Updated: 2023-06-29 · CVE-2022-31479

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 versions prior to 1.302 for the LP series and 1.296 for the EP series

Description

The issue is related to a flaw in the data protection mechanism of the HID Mercury programmable logic controllers' firmware. This allows an unauthenticated attacker to update the hostname with a specially crafted name, enabling the execution of shell commands during the core collection process. An attacker can gain remote access to the device, monitor communications, modify onboard relays, change configuration files, or cause the device to become unstable. The injected commands are executed during startup or when unsafe calls regarding the hostname are used, potentially allowing the attacker to make their persistence permanent by modifying the filesystem.

Recommendations

For HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 with firmware versions prior to 1.302 for the LP series and 1.296 for the EP series, update the firmware to a version that contains the fix for this issue. As a temporary workaround, consider restricting access to the hostname update feature to minimize the risk of exploitation. Avoid using unsafe calls regarding the hostname until the issue is resolved.
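The weakness class described above (a hostname value reaching a shell) is closed by validating the name against a strict allowlist and never placing it on a shell command line. The following is an added example, not code from HID's firmware or from this advisory; the function names `hostname_is_valid` and `set_hostname_checked` are assumptions made for illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* exposes sethostname() under strict -std modes */
#endif
#include <ctype.h>
#include <string.h>
#include <unistd.h>

/* Returns 1 only for RFC 1123 style names: dot-separated labels of
 * [A-Za-z0-9-], 1..63 bytes each, 253 bytes overall, no label starting or
 * ending with '-'. Shell metacharacters, quotes, whitespace and newlines
 * are all outside that set, so they are rejected. */
int hostname_is_valid(const char *name)
{
    size_t len, i, label_len = 0;

    if (name == NULL)
        return 0;
    len = strlen(name);
    if (len == 0 || len > 253)
        return 0;
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];

        if (c == '.') {
            /* Reject an empty label or one ending in '-'. */
            if (label_len == 0 || name[i - 1] == '-')
                return 0;
            label_len = 0;
            continue;
        }
        if (c > 127 || !(isalnum(c) || c == '-'))
            return 0;
        if (c == '-' && label_len == 0)
            return 0;
        if (++label_len > 63)
            return 0;
    }
    /* Reject a trailing '.' or a final label ending in '-'. */
    return label_len > 0 && name[len - 1] != '-';
}

/* Hypothetical setter (name is an assumption): validate first, then call
 * sethostname(2) directly so the value never reaches a shell command line. */
int set_hostname_checked(const char *name)
{
    if (!hostname_is_valid(name))
        return -1;
    return sethostname(name, strlen(name));
}
```

The same validator can be run over hostnames already stored in controller configuration backups to flag values that could not have been entered legitimately.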

Fix

Weakness Enumeration

Protection Mechanism Failure
OS Command Injection

Related Identifiers

BDU:2022-03341
CVE-2022-31479

Affected Products

HID Mercury Intelligent Controllers