Francesco Benvenuto and Matt Wiseman of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw.
Cisco Talos recently discovered several vulnerabilities in Sealevel Systems Inc.’s SeaConnect internet-of-things edge device — many of which could allow an attacker to conduct a man-in-the-middle attack or execute remote code on the targeted device.
The SeaConnect 370W is a WiFi-connected edge device commonly used in industrial control system (ICS) environments that allows users to remotely monitor and control the status of real-world I/O processes. The device offers remote control via MQTT, Modbus TCP and a manufacturer-specific interface referred to as the “SeaMAX API.”
Three buffer overflow vulnerabilities, TALOS-2021-1389 (CVE-2021-21960 and CVE-2021-21961) and TALOS-2021-1390 (CVE-2021-21962), exist in this device and could allow an attacker to execute arbitrary code on the targeted device. These vulnerabilities have severity scores of 10.0, 10.0 and 9.0, respectively, making them the most serious of the reported issues.
Another vulnerability, TALOS-2021-1388 (CVE-2021-21959), makes it easier for an adversary to carry out a man-in-the-middle attack between the device and the SeaConnect cloud service, and eventually take complete control of the device. While conducting a man-in-the-middle attack, the adversary could then exploit any of TALOS-2021-1391 (CVE-2021-21963), TALOS-2021-1395 (CVE-2021-21968), TALOS-2021-1396 (CVE-2021-21969 and