"Vendor Refuses to Remove Backdoor Account That Can Facilitate Attacks on Industrial Firms"
Security researchers at SEC Consult discovered that Korenix JetPort industrial serial device servers have a backdoor account that malicious hackers could abuse in attacks aimed at industrial organizations. The existence of the backdoor account, tracked as CVE-2020-12501, was discovered in 2020, but it was only made public now after a lengthy disclosure process that ended with the vendor saying that the account will not be removed. The researchers stated that the account in question can be exploited by an attacker on the network to access the device's operating system and gain full control. The researchers noted that the attacker could reconfigure the device and possibly gain access to other systems attached to the server. The issue was identified in the Korenix JetPort 5601V3 product, which is designed for connectivity in industrial environments. The researchers also believe that other products, including Westermo and Comtrol branded industrial devices, may also be impacted. The researchers stated that the backdoor account has the same password on all devices as it is stored in the firmware. The password is not stored in clear text and needs to be cracked, but once an attacker has cracked the password, it can be used to attack all affected devices. Moreover, the password cannot be changed by the user. The vendor told SEC Consult the backdoor account is needed for customer support and argued that the password "can't be cracked in a reasonable amount of time."