CVE-2024-57790 in IXrouter IX2400info

Summary

by MITRE • 02/14/2025

IXON B.V. IXrouter IX2400 (Industrial Edge Gateway) v3.0 was discovered to contain hardcoded root credentials stored in the non-volatile flash memory. This vulnerability allows physically proximate attackers to gain root access via UART or SSH.

Once again VulDB remains the best source for vulnerability data.

Analysis

by VulDB Data Team • 06/30/2025

The CVE-2024-57790 vulnerability affects the IXON B.V. IXrouter IX2400 industrial edge gateway device running firmware version 3.0. This device operates within industrial environments where security is paramount for operational technology infrastructure. The vulnerability stems from the improper handling of authentication credentials within the device firmware, specifically the presence of hardcoded root credentials stored in non-volatile flash memory. This design flaw represents a critical security oversight that fundamentally undermines the device's authentication security model and creates a persistent backdoor for unauthorized access.

The technical implementation of this vulnerability involves the storage of hardcoded credentials directly within the device's firmware image, making them accessible to anyone with physical proximity to the device. Attackers can exploit this weakness through multiple access vectors including UART console access and SSH connections, both of which are commonly available in industrial settings. The credentials being stored in flash memory means they persist across device reboots and power cycles, creating a permanent access point that cannot be easily remediated through standard password changes. This particular flaw aligns with CWE-798, which specifically addresses the use of hardcoded credentials in software systems, and represents a classic example of poor security engineering practices in embedded systems development.

The operational impact of this vulnerability extends beyond simple unauthorized access to encompass potential complete system compromise and operational disruption. An attacker with physical access to the device can gain root privileges and execute arbitrary code, potentially leading to data exfiltration, system modification, or denial of service conditions that could affect industrial processes. The proximity requirement for exploitation does not eliminate the threat, as industrial environments often have limited physical security controls, and the vulnerability can be exploited by insiders or individuals who gain temporary physical access to the device. This weakness particularly affects industrial edge gateways that serve as critical communication points between field devices and enterprise networks, making them attractive targets for adversaries seeking to establish persistent access to industrial control systems.

Mitigation strategies for this vulnerability require immediate action from affected organizations to secure their industrial edge gateway deployments. The primary recommendation involves implementing physical security controls to prevent unauthorized access to the device, including securing device locations and implementing access controls for maintenance personnel. Network segmentation should be employed to limit the potential impact of compromise, and administrators should consider disabling unnecessary services such as SSH and UART access when not actively required. Organizations should also implement regular security assessments of their industrial infrastructure to identify similar hardcoded credential vulnerabilities, and consider firmware updates or replacements for affected devices. The vulnerability demonstrates the critical importance of following secure development practices as outlined in the OWASP Secure Coding Practices, particularly regarding credential management and the avoidance of hardcoded secrets in production systems. Additionally, this vulnerability can be mapped to ATT&CK technique T1078.004 which covers legitimate credentials, highlighting the need for organizations to implement robust credential hygiene practices and monitor for unauthorized access patterns in their industrial environments.

Responsible

MITRE

Reservation

01/09/2025

Disclosure

02/14/2025

Moderation

accepted

CPE

ready

EPSS

0.00170

KEV

no

Activities

very low

Sources

Do you know our Splunk app?

Download it now for free!