CVE-2018-12924 in Serial-Ethernet-Module
Summary
by MITRE
Sollae Serial-Ethernet-Module and Remote-I/O-Device-Server devices have a default password of sollae for the TELNET service.
Analysis
by VulDB Data Team • 02/23/2020
CVE-2018-12924 affects Sollae Serial-Ethernet-Module and Remote-I/O-Device-Server devices whose TELNET service ships with the well-known default password "sollae". Because the password is documented and identical across units, anyone who can reach TCP port 23 on an unconfigured device can log in with administrative rights without exploiting a bug at all; the weakness is that the firmware neither forces a password change at first setup nor enforces any password policy, so devices stay reachable with the factory credential indefinitely.
The issue is classified under CWE-798 (Use of Hard-coded Credentials). Strictly speaking the password is a factory default that can be changed rather than a constant baked into the code, but the practical effect is the same: a credential that is public knowledge grants access. On the attacker side it maps to ATT&CK technique T1078 (Valid Accounts), whose Default Accounts sub-technique (T1078.001) describes logging in with vendor-supplied credentials exactly as here. TELNET compounds the problem because the protocol carries credentials and commands in plaintext: an attacker on the same network segment can capture the password even after it has been changed, and can read or alter the session content.
The operational impact goes beyond access to the gateway itself. These modules bridge serial equipment (typically controllers, meters or other field devices) onto the IP network, so whoever controls the gateway can read and inject traffic on the serial side, reconfigure the device to redirect or interrupt that traffic, or use the module as a foothold inside an industrial network that is often assumed to be trusted. Such devices are commonly deployed in manufacturing, energy and other critical-infrastructure settings, where unauthorized access can translate into process disruption, safety hazards or loss of operational data.
Mitigation starts with an inventory: find every Sollae module on the network (a sweep for open TCP port 23 on the OT and management ranges is a practical first pass) and change the default password on each one to a unique, strong credential. Disable TELNET wherever it is not needed, and where the firmware offers SSH or another encrypted management channel, move administration to it. Changing the password alone is not sufficient while TELNET remains enabled, since the new password still crosses the wire in plaintext; if the device offers nothing better than TELNET, restrict who can reach port 23 with network segmentation and access lists so that only dedicated management hosts can connect. Finally, monitor for TELNET connections to these devices from outside the management network, or for one source touching several devices in succession, both of which are typical of default-credential attempts, and repeat the audit periodically so that replacement or newly installed units do not reintroduce the default.