CVE-2018-10603
Published: 2018-07-31
Priority: P2 · 63 · Critical 9.8 (CVSS 3.0)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 3.41% (87.4th percentile)
Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux_4-01-601cb47 and prior do not perform authentication of IEC-104 control commands, which may allow a rogue node a remote control of the industrial process.
Affected (4 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| martem | telem-gw6_firmware | <= 2018.04.18-linux_4-01-601cb47 | — |
| martem | telem-gwm_firmware | <= 2018.04.18-linux_4-01-601cb47 | — |
| martem | telem_gw6 | — | — |
| martem | telem_gwm | — | — |
Detection & IOCs (extracted from sources)
- Monitor for IEC-104 control commands (ASDU types C_SC_NA_1, C_DC_NA_1, etc.) arriving on the default IEC-104 port (TCP/2404) from unexpected or untrusted source IP addresses. The RTU performs no authentication of these commands, so the source address is the only signal available on the wire.
- Alert on IEC-104 sessions that repeatedly open new connections to IOAs without closing them properly; this pattern indicates exploitation of the resource-exhaustion vector (CVE-2018-10607) and may accompany abuse of CVE-2018-10603.
- Flag any IEC-104 control traffic to Martem TELEM-GW6/GWM devices running firmware 2018.04.18-linux_4-01-601cb47 or earlier (NVD), or GW6/GWM firmware prior to 2.0.87-4018403-k4 (CISA), from nodes not listed in the 'other side IP' field of the RTU configuration.
- The missing-authentication risk is configuration-dependent: it is significantly reduced when the 'other side IP' field is populated for every TCP/IP channel in the RTU configuration, restricting IEC-104 control to trusted partners only.
- The firewall must be enabled in the RTU configuration and the 'interface' field of every communication channel must be set correctly; misconfiguring either negates the firewall's protection against unauthenticated IEC-104 commands.
- Not all firmware versions are affected by all four vulnerabilities; scope detection to devices confirmed to be running affected firmware.
- No public exploits were known at the time the advisory was published, which lowers but does not remove the urgency of detection.
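The first and third detection items above can be implemented directly on the wire, because the only thing that distinguishes a legitimate command from a rogue one on an unpatched TELEM-GW6/GWM is the source address. The following is an added example, not code from the original page or from Martem: a minimal IEC 60870-5-104 APDU parser that splits a TCP payload into frames, extracts the ASDU type ID, cause of transmission, common address and first IOA of each I-format frame, and raises an alert for every process-control command (types 45 to 51 and their time-tagged variants 58 to 64) that reaches the RTU from a host missing from its 'other side IP' list. The RTU address, the whitelist and the captured payloads are constructed sample data; replies such as activation confirmation (COT 7) are deliberately not flagged, since those flow from the RTU, not to it.

```python
"""Added example, not code from the original page or from Martem: a minimal
IEC 60870-5-104 frame parser plus the detection rule described above (control
commands reaching the RTU from hosts outside its 'other side IP' list).
All IP addresses, the whitelist and the captured payloads below are
constructed sample data."""
import struct
from dataclasses import dataclass
from typing import List, Optional

IEC104_PORT = 2404

# Process-command type IDs in the control direction (IEC 60870-5-104 type
# identifications 45..51 and their time-tagged variants 58..64).
CONTROL_TYPE_IDS = {
    45: "C_SC_NA_1", 46: "C_DC_NA_1", 47: "C_RC_NA_1", 48: "C_SE_NA_1",
    49: "C_SE_NB_1", 50: "C_SE_NC_1", 51: "C_BO_NA_1",
    58: "C_SC_TA_1", 59: "C_DC_TA_1", 60: "C_RC_TA_1", 61: "C_SE_TA_1",
    62: "C_SE_TB_1", 63: "C_SE_TC_1", 64: "C_BO_TA_1",
}
# Causes of transmission that carry a request from the controlling station;
# 7 (act con) and 10 (act term) are the outstation's replies and are ignored.
REQUEST_COTS = {6, 8}       # activation, deactivation


@dataclass
class Asdu:
    type_id: int
    cot: int
    common_addr: int
    ioa: int                # address of the first information object


def parse_apdus(buf: bytes) -> List[Optional[Asdu]]:
    """Split one TCP payload into APDUs (several may share a segment) and
    return the ASDU of each I-format frame, or None for S/U-format frames.
    Parsing stops at the first malformed or truncated frame."""
    out, pos = [], 0
    while pos + 2 <= len(buf):
        if buf[pos] != 0x68:                    # APCI start byte
            break
        apdu_len = buf[pos + 1]                 # length of control field + ASDU
        frame = buf[pos + 2: pos + 2 + apdu_len]
        if apdu_len < 4 or len(frame) != apdu_len:
            break
        pos += 2 + apdu_len
        if frame[0] & 0x01:                     # S-format (..01) or U-format (..11)
            out.append(None)
            continue
        body = frame[4:]                        # skip the 4 control-field octets
        if len(body) < 9:                       # ASDU header (6) + one IOA (3)
            out.append(None)
            continue
        type_id, _vsq, cot, _orig, common_addr = struct.unpack("<BBBBH", body[:6])
        ioa = body[6] | (body[7] << 8) | (body[8] << 16)   # 3-byte little-endian IOA
        out.append(Asdu(type_id, cot & 0x3F, common_addr, ioa))
    return out


def detect_rogue_commands(packets, rtu_ip, other_side_ips):
    """packets: (src_ip, dst_ip, dst_port, payload) tuples as a capture tool
    would hand them over. Returns one alert dict per control command that
    reached the RTU from a host missing from its 'other side IP' list."""
    alerts = []
    for src, dst, dport, payload in packets:
        if dst != rtu_ip or dport != IEC104_PORT:
            continue
        for asdu in parse_apdus(payload):
            if asdu is None or asdu.type_id not in CONTROL_TYPE_IDS:
                continue                        # reads, interrogations, S/U frames
            if asdu.cot not in REQUEST_COTS:
                continue                        # not a request, e.g. a replayed act con
            if src in other_side_ips:
                continue                        # configured partner
            alerts.append({"src": src, "type": CONTROL_TYPE_IDS[asdu.type_id],
                           "cot": asdu.cot, "ca": asdu.common_addr, "ioa": asdu.ioa})
    return alerts


# Constructed sample data (hypothetical addresses and hand-built frames).
RTU_IP = "10.0.0.20"
OTHER_SIDE_IPS = {"10.0.0.5"}               # the SCADA master the RTU is configured for
SAMPLE_PACKETS = [
    # master: STARTDT act (U-format, no ASDU)
    ("10.0.0.5", RTU_IP, 2404, bytes.fromhex("680407000000")),
    # master: general interrogation C_IC_NA_1 (type 100), CA=1, IOA=0, QOI=20
    ("10.0.0.5", RTU_IP, 2404, bytes.fromhex("680e0000000064010600010000000014")),
    # master: single command C_SC_NA_1 (type 45), COT=6 act, IOA=4097, SCO=ON
    ("10.0.0.5", RTU_IP, 2404, bytes.fromhex("680e020002002d010600010001100001")),
    # rogue host: the same single command plus a double command C_DC_NA_1
    # (type 46) on IOA=4098, both in one TCP segment
    ("192.168.1.99", RTU_IP, 2404, bytes.fromhex(
        "680e020002002d010600010001100001" "680e040002002e010600010002100002")),
    # rogue host: interrogation only (a read, not a control command)
    ("192.168.1.99", RTU_IP, 2404, bytes.fromhex("680e0600020064010600010000000014")),
]

if __name__ == "__main__":
    for a in detect_rogue_commands(SAMPLE_PACKETS, RTU_IP, OTHER_SIDE_IPS):
        print(f"ALERT {a['src']} -> {RTU_IP}: unauthenticated {a['type']} "
              f"COT={a['cot']} CA={a['ca']} IOA={a['ioa']}")
```

Run against the sample capture, the rule raises exactly two alerts, both for the rogue host's C_SC_NA_1 and C_DC_NA_1 frames; the same commands from the configured master and the rogue host's interrogation produce nothing. In a real deployment the whitelist should be exported from the RTU's 'other side IP' fields rather than typed by hand, and a read-only command from an unknown peer is still worth a lower-severity alert even though it is out of scope for this rule.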
CVSS provenance
NVD v3.0: 9.8 CRITICAL · CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD v2.0: 7.5 HIGH · AV:N/AC:L/Au:N/C:P/I:P/A:P
CISA ICS
Martem TELEM-GW6/GWM (Update B)
cisa_ics · 2018-05-22 · CVSS 9.8 · [CRITICAL]
ICS Advisory (archived content: may not reflect current CISA policy or programs)
Martem TELEM-GW6/GWM (Update B)
Last Revised: August 30, 2018
Alert Code: ICSA-18-142-01
## 1. EXECUTIVE SUMMARY
- CVSS v3 10.0
- ATTENTION: Exploitable remotely/low skill level to exploit
- Vendor: Martem
- Equipment: TELEM-GW6/GWM
--------- Begin Update B Part 1 of 5 --------
- Vulnerabilities: Missing Authentication for Critical Function, Incorrect Default Permissions, Resource Exhaustion, Cross-Site Scripting
--------- End Update B Part 1 of 5 --------
## 2. UPDATE INFORMATION
This updated advisory is a follow-up to the original advisory titled ICSA-18-142-01 Martem TELE
GHSA
GHSA-mpwv-79rv-2h5m · ghsa_unreviewed · 2022-05-13 · CVE-2018-10603 · [CRITICAL] · CWE-287
Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux_4-01-601cb47 and prior do not perform authentication of IEC-104 control commands, which may allow a rogue node a remote control of the industrial process.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.