CVE-2017-6047

9.8 CRITICAL

📋 TL;DR

CVE-2017-6047: Detcon Sitewatch Gateway devices store passwords in plaintext in a file that can be accessed without authentication. This allows attackers to obtain administrative credentials and fully compromise the industrial control system gateway. All versions without cellular connectivity are affected.

💻 Affected Systems

Products:
  • Detcon Sitewatch Gateway
Versions: All versions without cellular connectivity
Operating Systems: Embedded/Proprietary
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects non-cellular versions. Cellular versions are not vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system takeover allowing attackers to manipulate industrial processes, disable safety systems, or exfiltrate sensitive industrial data.

🟠 Likely Case

Unauthorized access to the gateway leading to configuration changes, monitoring disruption, or credential harvesting for lateral movement.

🟢 If Mitigated

Limited impact if proper network segmentation and access controls prevent attackers from reaching the vulnerable file.

🌐 Internet-Facing: HIGH - If exposed to the internet, attackers can easily retrieve credentials without authentication.
🏢 Internal Only: HIGH - Even internally, any network-accessible attacker can exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only HTTP access to retrieve the password file. No authentication or special tools are needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Contact Detcon for updated firmware

Vendor Advisory: https://ics-cert.us-cert.gov/advisories/ICSA-17-136-01

Restart Required: Yes

Instructions:

1. Contact Detcon for updated firmware.
2. Backup current configuration.
3. Apply firmware update following vendor instructions.
4. Verify passwords are no longer stored in plaintext.

🔧 Temporary Workarounds

Network Segmentation

Isolate Sitewatch Gateway from untrusted networks and restrict access to authorized IPs only.

Access Control Lists

Implement firewall rules to block all external access to the gateway's web interface.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate the gateway from all untrusted networks
  • Change all passwords immediately and monitor for unauthorized access attempts

🔍 How to Verify

Check if Vulnerable:

Check whether a file that is accessible without authentication contains plaintext passwords. Access the gateway's web interface and look for password files.

Check Version:

Check firmware version through web interface or contact Detcon support

Verify Fix Applied:

Verify that password files are no longer accessible or contain encrypted/hashed passwords only.

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized access attempts to password files
  • Multiple failed login attempts followed by successful login

Network Indicators:

  • HTTP requests to known password file locations
  • Unusual traffic patterns to/from the gateway

SIEM Query:

source_ip="gateway_ip" AND (url_contains="password" OR url_contains="cred")
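
The network indicator and SIEM keywords above, applied to HTTP logs from a sensor or proxy in front of the gateway. This is an added example, not vendor or advisory code; the gateway address, the authorized subnet, the log layout and the sample lines are all constructed assumptions.

```python
import ipaddress
from urllib.parse import unquote

# Assumptions (not from the advisory): gateway address, allow-list, log layout.
GATEWAY_IP = "192.0.2.10"                            # placeholder address
AUTHORIZED = [ipaddress.ip_network("10.20.0.0/28")]  # hypothetical admin subnet
KEYWORDS = ("password", "cred")                      # from the SIEM query above

# Constructed sample: "<time> <src_ip> <dst_ip> <method> <url> <status>"
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 10.20.0.5 192.0.2.10 GET /index.html 200
2024-05-01T10:02:13Z 10.99.3.7 192.0.2.10 GET /example/PassWord-placeholder.txt 200
2024-05-01T10:02:40Z 10.99.3.7 192.0.2.10 GET /%63redentials-placeholder.bak 404
2024-05-01T10:03:02Z 10.20.0.5 192.0.2.10 GET /status?view=password 200
2024-05-01T10:04:00Z 10.99.3.7 192.0.2.77 GET /password-placeholder.txt 200
malformed line
"""

def is_authorized(src):
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # an unparseable source is treated as unapproved
    return any(addr in net for net in AUTHORIZED)

def find_hits(log_text):
    """Return (time, src, url, severity) for keyword requests to the gateway."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue  # skip malformed records
        ts, src, dst, _method, url, status = parts
        if dst != GATEWAY_IP:
            continue
        # Decode percent-encoding and lowercase so "%63red" and "PassWord" match.
        target = unquote(url).lower()
        if not any(k in target for k in KEYWORDS):
            continue
        if is_authorized(src):
            severity = "low"      # approved host, review in context
        elif status.startswith("2"):
            severity = "high"     # content was served to an unapproved host
        else:
            severity = "medium"   # unapproved host probing, request failed
        hits.append((ts, src, url, severity))
    return hits

if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOG):
        print(*hit)
```

A "high" hit means a matching URL was served to a host outside the allow-list, which is the point at which the password change from the mitigation list applies.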
