CVE-2021-43575 in ETS6
Summary
by MITRE • 11/10/2021
** DISPUTED ** KNX ETS6 through 6.0.0 uses the hard-coded password ETS5Password, with a salt value of Ivan Medvedev, allowing local users to read project information, a similar issue to CVE-2021-36799. NOTE: The vendor disputes this because it is not the responsibility of the ETS to securely store cryptographic key material when it is not being exported.
Analysis
by VulDB Data Team • 08/04/2024
The vulnerability identified as CVE-2021-43575 affects KNX ETS6 versions through 6.0.0 and is a weakness rooted in hardcoded credentials and improper cryptographic implementation. The software uses the hard-coded password ETS5Password together with the fixed salt value Ivan Medvedev, so the protection applied to project information is fully predictable and can be undone by unauthorized local users. The vulnerability operates at the application level, specifically in the configuration and project management components of the KNX Engineering Tool Suite, which is widely used for designing and configuring building automation systems.
The technical flaw is a security misconfiguration: the application embeds cryptographic credentials that should never be part of the program code. This pattern aligns with CWE-798 (use of hard-coded credentials) and CWE-327 (use of a broken or risky cryptographic algorithm). Because both the password and the salt are fixed, the resulting scheme is deterministic: the same key material is derived on every installation, so a local attacker who knows the constants, or who recovers them from the binary or by brute force, can reproduce it; the predictable salt removes the protection a salt is meant to provide. The vulnerability therefore allows local users to read project information that should be guarded by proper authentication, bypassing the intended security control.
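To make the deterministic-scheme point concrete, here is an added illustration (not code from ETS6 or from VulDB) that derives a key from the two constants named above and shows why it offers no confidentiality against a local user, alongside the per-project random salt plus user-supplied secret a fix would use. The key derivation function (PBKDF2-HMAC-SHA256) and the HMAC counter-mode keystream are assumptions for illustration; the page does not state which primitives ETS6 uses.

```python
import hashlib
import hmac
import os

# Constants named on the page. The KDF below is an ASSUMPTION for illustration;
# the page does not say which KDF or cipher ETS6 actually uses.
HARDCODED_PASSWORD = b"ETS5Password"
FIXED_SALT = b"Ivan Medvedev"
ITERATIONS = 100_000


def derive_key(password: bytes, salt: bytes) -> bytes:
    """PBKDF2-HMAC-SHA256, 32-byte output (assumed KDF)."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, ITERATIONS, dklen=32)


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode: a stdlib-only stand-in for a stream cipher."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), "sha256").digest()
        counter += 1
    return out[:length]


def protect(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(12)
    return nonce + bytes(a ^ b for a, b in zip(plaintext, keystream(key, nonce, len(plaintext))))


def unprotect(key: bytes, blob: bytes) -> bytes:
    nonce, ct = blob[:12], blob[12:]
    return bytes(a ^ b for a, b in zip(ct, keystream(key, nonce, len(ct))))


def recover_with_public_constants(blob: bytes) -> bytes:
    # CWE-798: every installation derives the same key, so anyone who knows the
    # two constants can reproduce it; the blob is obfuscated, not protected.
    return unprotect(derive_key(HARDCODED_PASSWORD, FIXED_SALT), blob)


def hardened_protect(passphrase: bytes, plaintext: bytes) -> bytes:
    # Fix: a secret the user controls plus a random per-project salt stored
    # alongside the blob. The salt is public; the passphrase is not.
    salt = os.urandom(16)
    return salt + protect(derive_key(passphrase, salt), plaintext)


def hardened_unprotect(passphrase: bytes, blob: bytes) -> bytes:
    salt, rest = blob[:16], blob[16:]
    return unprotect(derive_key(passphrase, salt), rest)
```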
The operational impact of this vulnerability extends beyond simple information disclosure, as it compromises the integrity and confidentiality of building automation project data. Local attackers can potentially access sensitive configuration information, network topology details, device settings, and other project-specific data that could be used for further attacks or system compromise. This vulnerability particularly affects industrial control systems and building automation environments where KNX ETS6 is deployed, potentially enabling attackers to gain insights into critical infrastructure configurations. The similarity to CVE-2021-36799 indicates a broader pattern of insecure credential handling within the software ecosystem, suggesting that similar issues may exist in related components or versions.
The vendor's response, which dismisses the issue as outside its responsibility, reflects a common but problematic perspective in security assessments, especially for software that handles cryptographic key material. From an operational security standpoint, hardcoded credentials in any software component create a risk that must be addressed through proper security controls. The vulnerability underlines the value of security best practices such as those in the OWASP Top Ten and the NIST Cybersecurity Framework, which call for secure credential management and sound cryptographic implementation. Organizations using KNX ETS6 should apply additional controls, including network segmentation, access controls, and regular security assessments, to mitigate the risk posed by this hardcoded credential. The issue also highlights the need for security testing during the software development lifecycle, with particular attention to credential management and cryptographic implementation practices aligned with industry standards such as ISO/IEC 27001 and NIST SP 800-53.