ICS-CERT: Innominate mGuard Weak HTTPS and SSH Keys

Tuesday, June 19, 2012

Infosec Island Admin


An independent research group comprised of Nadia Heninger, Zakir Durumeric, Eric Wustrow, and J. Alex Halderman identified an insufficient entropy vulnerability in Innominate’s mGuard network appliance product line.

By impersonating the device, an attacker can obtain the credentials of administrative users and potentially perform a Man-in-the-Middle (MitM) attack.

Innominate has validated the vulnerability and, in coordination with ICS-CERT, has produced an update that resolves it. This vulnerability can be exploited remotely.

All versions of the following Innominate products are affected:

• mGuard Smart HW-101020, HW-101050, BD-101010, BD-101020
• mGuard PCI HW-102020, HW-102050, BD-111010, BD-111020
• mGuard Industrial RS HW-105000, BD-501000, BD-501010, BD-501020
• mGuard Blade HW-104020, HW-104050
• mGuard Delta HW-103050, BD-201000
• EAGLE mGuard HW-201000, BD-301010
• All products manufactured prior to 2006

IMPACT

This vulnerability can weaken the security posture of any industrial network in which these products are deployed.

Impact to individual organizations depends on many factors that are unique to each organization. ICS-CERT recommends that organizations evaluate the impact of this vulnerability based on their operational environment, architecture, and product implementation.

BACKGROUND

Innominate is a company based in Berlin, Germany, founded in 2001. Innominate’s mGuard product line includes firewall and VPN network security appliances.

Innominate’s products are deployed in many sectors including manufacturing, electric power generation, water, transportation, healthcare, communications, and satellite operations. Innominate reports that the mGuard products are used in many countries worldwide.

VULNERABILITY OVERVIEW

INSUFFICIENT ENTROPY:  The mGuard products do not gather sufficient entropy when generating their HTTPS and SSH keys, so the resulting keys are weak and can be calculated by an attacker. Having calculated the device’s private keys, an attacker could perform a MitM attack on the system, which could allow the attacker to execute arbitrary code or gain unauthorized access to the system. Keys that are loaded as part of the mGuard configuration (i.e., VPN keys) are not affected. CVE-2012-3006 has been assigned to this vulnerability. A CVSS v2 base score of 7.1 has been assigned; the CVSS vector string is (AV:N/AC:H/Au:S/C:C/I:C/A:C).
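The reason low-entropy key generation lets keys be "calculated" rather than brute-forced is that two devices seeded from the same small pool of boot-time state draw the same prime, and a shared prime between two public RSA moduli falls out of a single gcd. The following is an added illustration, not code from the advisory or from Innominate: it models a hypothetical key generator that is seeded from only a few bits of boot state (a constructed model, not the mGuard implementation), builds a small fleet of 32-bit-prime toy keys, and then runs the defender-side batch audit that the cited research group applied at internet scale, a pairwise gcd over all public moduli, to flag every key that shares a factor with another device's key. All device counts, seeds and key sizes are constructed for the demonstration.

```python
import math
import random
from itertools import combinations


def is_probable_prime(n, rounds=16):
    """Miller-Rabin with deterministic witnesses; adequate for this demonstration."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    witness_rng = random.Random(0xC0FFEE)  # fixed witnesses keep output reproducible
    for _ in range(rounds):
        a = witness_rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(rng, bits):
    """Draw odd candidates with the top bit set from rng until one is (probably) prime."""
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand


def low_entropy_keygen(boot_state, device_id, bits=32):
    """Constructed model of the failure: the generator is seeded from a few bits of
    boot-time state, draws p, and only afterwards has device-specific data mixed in
    before drawing q.  Devices that booted into the same state therefore share p but
    not q.  Hypothetical model for illustration, not Innominate's implementation."""
    rng = random.Random(boot_state)
    p = random_prime(rng, bits)
    rng.seed(boot_state * 1_000_003 + device_id)  # entropy arrives too late to protect p
    q = random_prime(rng, bits)
    while q == p:
        q = random_prime(rng, bits)
    return p * q


def well_seeded_keygen(device_id, bits=32):
    """Constructed comparison: unique seed material is present before anything is drawn."""
    rng = random.Random(device_id * 7_919 + 1)
    p = random_prime(rng, bits)
    q = random_prime(rng, bits)
    while q == p:
        q = random_prime(rng, bits)
    return p * q


def build_fleet(n_devices=20, boot_entropy_bits=4, weak=True):
    """Constructed fleet of public moduli.  With 4 bits of boot entropy and 20 devices,
    at least two devices must share boot state (pigeonhole), so a shared p is guaranteed."""
    fleet_rng = random.Random(2012)
    moduli = []
    for device_id in range(n_devices):
        if weak:
            moduli.append(low_entropy_keygen(fleet_rng.getrandbits(boot_entropy_bits), device_id))
        else:
            moduli.append(well_seeded_keygen(device_id))
    return moduli


def find_shared_factors(moduli):
    """Defender's batch audit: gcd over every pair of public moduli.  Any gcd other
    than 1 is a prime factor of both keys, so both keys are compromised.  Pairwise
    gcd is fine for one fleet; the researchers used a product-tree variant for
    internet-scale key sets.  Returns {modulus: shared prime factor}."""
    compromised = {}
    for a, b in combinations(sorted(set(moduli)), 2):
        g = math.gcd(a, b)
        if 1 < g < min(a, b):
            compromised[a] = g
            compromised[b] = g
    return compromised


if __name__ == "__main__":
    weak_fleet = build_fleet(weak=True)
    bad = find_shared_factors(weak_fleet)
    print(f"{len(bad)} of {len(weak_fleet)} low-entropy keys are factorable")
    for n, p in bad.items():
        print(f"  n={n}  p={p}  q={n // p}")
    print("well-seeded fleet:", find_shared_factors(build_fleet(weak=False)))
```

The same `find_shared_factors` audit can be run over the real public keys collected from a fleet of appliances (the HTTPS certificate moduli and the `ssh-rsa` host key moduli) to find out whether any pair shares a factor; the well-seeded fleet shows the expected result for devices that had proper entropy before key generation.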

EXPLOITABILITY:  An attacker can predict the user’s session ID and potentially hijack the session. This vulnerability could be exploited remotely by a MitM type attack. An attacker that has obtained unauthorized access could inject malicious code or change system settings. The attacker must first successfully guess or calculate the private key of the mGuard device and either have physical access to the network path between the device and a legitimate administrator or be able to redirect legitimate device traffic to the attacker’s system using techniques such as ARP spoofing.

EXISTENCE OF EXPLOIT:  No known exploits specifically target this vulnerability.

DIFFICULTY:  An attacker with a high skill level would be able to exploit this vulnerability.

MITIGATION:  Software Version 7.5.0 or later properly uses the available entropy before generating HTTPS and SSH keys. It also increases the size of the RSA keys from 1,024 bits to 2,048 bits. The software update can be found on the Innominate download website. Innominate recommends changing passwords after new keys are generated.

Innominate recommends one of the three following mitigation procedures:

1. Use the Rescue Procedure to install the software Version 7.5.0. New keys will be generated as part of this process.

2. Use the update mechanism to update the devices to Version 7.5.0.
a. Install the update. Existing keys will be kept.
b. After the update, the existing keys must be replaced by using one of the following methods:

i. Web User Interface
1) Login as root or admin user.
2) Press the “Generate new 2048 bit keys” button either in the “Web Settings -> Access” or in the “System Settings -> Shell Access” menu.
3) Note the fingerprint output of the newly generated keys.
4) Login via HTTPS and compare the certificate information provided by the browser.

ii. Console
1) Login via the serial console or SSH as root or admin user.
2) Call the program: $ rsa_renewal update.
3) Note the fingerprint output of the newly generated keys.
4) Login via SSH and compare the fingerprints shown by the SSH client.

3. Upload and execute a shell script via SSH as root, provided by Innominate. The script will generate new 2,048-bit keys without requiring an update to software Version 7.5.0.

a. The script can be downloaded from Innominate at http://www.innominate.com/en/downloads/software-and-misc.
b. Use scp to copy the script onto the mGuard, for example (adjust the address and path for your setup): $ scp generate_2048key.sh root@192.168.1.1:/root/.
c. Login via SSH as root user.
d. Execute the script: $ sh /root/generate_2048key.sh.
e. Note the fingerprint output of the newly generated keys.
f. Login via SSH and compare the fingerprints shown by SSH.
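Every one of the three procedures ends the same way: note the fingerprint printed when the new keys are generated, then confirm on the next login that the key being presented is that key and not one substituted on the path. The following is an added example, not code from the advisory or from Innominate, of what that comparison involves: it decodes an OpenSSH `ssh-rsa` public key line, computes the two fingerprint forms `ssh-keygen -l` prints (MD5 colon-hex, the 2012-era default, and `SHA256:` base64), checks that the modulus is at least 2,048 bits as the updated firmware generates, and compares against the fingerprint that was written down. The sample keys are constructed from placeholder moduli of the right size and are not real RSA keys; `encode_ssh_rsa` exists only to build those samples inline.

```python
import base64
import hashlib
import struct


def _mpint(x):
    """SSH mpint: big-endian, length-prefixed, with a leading 0x00 if the top bit is set."""
    b = x.to_bytes((x.bit_length() + 7) // 8, "big")
    if b and b[0] & 0x80:
        b = b"\x00" + b
    return struct.pack(">I", len(b)) + b


def encode_ssh_rsa(e, n):
    """Build an OpenSSH 'ssh-rsa' public key line; used here only to construct samples."""
    blob = struct.pack(">I", 7) + b"ssh-rsa" + _mpint(e) + _mpint(n)
    return "ssh-rsa " + base64.b64encode(blob).decode()


def key_blob(line):
    """Decode the base64 wire blob; fingerprints are hashes of exactly these bytes."""
    parts = line.split()
    if len(parts) < 2 or parts[0] != "ssh-rsa":
        raise ValueError("expected an 'ssh-rsa <base64> [comment]' line")
    return base64.b64decode(parts[1])


def parse_ssh_rsa(line):
    """Return (e, n) from an 'ssh-rsa' key line; rejects truncated or malformed blobs."""
    blob = key_blob(line)
    fields, off = [], 0
    while off < len(blob):
        if off + 4 > len(blob):
            raise ValueError("truncated length field")
        (ln,) = struct.unpack(">I", blob[off:off + 4])
        off += 4
        if off + ln > len(blob):
            raise ValueError("truncated field")
        fields.append(blob[off:off + ln])
        off += ln
    if len(fields) != 3 or fields[0] != b"ssh-rsa":
        raise ValueError("malformed ssh-rsa blob")
    return int.from_bytes(fields[1], "big"), int.from_bytes(fields[2], "big")


def key_bits(line):
    """Modulus size in bits; the updated firmware generates 2048-bit keys."""
    return parse_ssh_rsa(line)[1].bit_length()


def fingerprint_sha256(line):
    """Same form as 'ssh-keygen -lf key.pub' on OpenSSH 6.8 and later."""
    digest = hashlib.sha256(key_blob(line)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def fingerprint_md5(line):
    """Colon-separated hex as printed by older OpenSSH clients (the 2012-era default)."""
    h = hashlib.md5(key_blob(line)).hexdigest()
    return "MD5:" + ":".join(h[i:i + 2] for i in range(0, 32, 2))


def _normalize(fp):
    """Accept fingerprints with or without the MD5:/SHA256: prefix, any hex case."""
    fp = fp.strip()
    if fp.upper().startswith("MD5:"):
        fp = fp[4:]
    elif fp.upper().startswith("SHA256:"):
        fp = fp[7:]
    return fp.lower() if ":" in fp else fp.rstrip("=")


def check_regenerated_key(line, noted_fingerprint, min_bits=2048):
    """Post-mitigation check: the key presented on login must match the fingerprint
    noted at generation time and must be at least min_bits long."""
    noted = _normalize(noted_fingerprint)
    presented = {_normalize(fingerprint_md5(line)), _normalize(fingerprint_sha256(line))}
    bits = key_bits(line)
    return {"bits": bits, "size_ok": bits >= min_bits, "fingerprint_ok": noted in presented}


# Constructed sample moduli: odd numbers of the right bit length, NOT real RSA keys.
SAMPLE_N_2048 = (1 << 2047) | 0x1234567
SAMPLE_N_1024 = (1 << 1023) | 0x1234567
SAMPLE_KEY_2048 = encode_ssh_rsa(65537, SAMPLE_N_2048)   # "new" key after regeneration
SAMPLE_KEY_1024 = encode_ssh_rsa(65537, SAMPLE_N_1024)   # "old" pre-update key

if __name__ == "__main__":
    noted = fingerprint_md5(SAMPLE_KEY_2048)               # what was written down on the device
    print(check_regenerated_key(SAMPLE_KEY_2048, noted))   # size_ok and fingerprint_ok both True
    print(check_regenerated_key(SAMPLE_KEY_1024, noted))   # old key: both False
```

In practice the `line` argument is the host key the SSH client reports (or the contents of the device's public key file), and `noted_fingerprint` is the value recorded in step 3) or step e. A mismatch on a freshly regenerated key is exactly the situation the procedure is designed to surface and should be treated as a potential interception rather than a typo.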

The full ICS-CERT advisory can be found here:

Source:  http://www.us-cert.gov/control_systems/pdf/ICSA-12-167-01.pdf
