Sixnet BT Series Firmware and Software security update

Number: AV16-086
Date: 29 May 2016

Purpose

The purpose of this advisory is to bring attention to a Sixnet BT Series firmware and software security update released by Red Lion Controls.

Assessment

Red Lion Controls released a firmware and software security update for Sixnet BT series M2M cellular routers to address a hard-coded credentials vulnerability. An attacker could remotely exploit this vulnerability by using the hard-coded factory password to gain full access to affected devices.

Affected versions:
Sixnet BT-5xxx and BT-6xxx series M2M cellular routers, versions prior to 3.8.21.

CVE Reference: CVE-2016-4521

Suggested Action

CCIRC recommends that system administrators test and deploy the vendor-released updates to affected applications accordingly.

References:

ICS-CERT Advisory (ICSA-16-147-02)
https://ics-cert.us-cert.gov/advisories/ICSA-16-147-02

Sixnet Industrial Wireless Software and Firmware
http://www.redlion.net/resources/software/sixnet-software/industrial-wireless-software-firmware
