CVE-2017-9630
📋 TL;DR
An improper authentication vulnerability in PDQ Manufacturing car wash systems allows attackers to bypass authentication on the web interface. This affects all versions of LaserWash, LaserJet, and ProTouch series car wash controllers. Attackers can gain unauthorized access to control systems without valid credentials.
💻 Affected Systems
- PDQ Manufacturing LaserWash G5
- LaserWash G5 S Series
- LaserWash M5
- LaserWash 360
- LaserWash 360 Plus
- LaserWash AutoXpress
- LaserWash AutoExpress Plus
- LaserJet
- ProTouch Tandem
- ProTouch ICON
- ProTouch AutoGloss
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of car wash control systems allowing remote attackers to manipulate equipment, cause physical damage, disrupt operations, or access sensitive business data.
Likely Case
Unauthorized access to control panels allowing configuration changes, operational disruption, or data theft from the affected systems.
If Mitigated
Limited impact if systems are isolated from untrusted networks and have additional authentication layers.
🎯 Exploit Status
Authentication bypass typically requires minimal technical skill. No public exploit code mentioned in advisory.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Not specified in advisory - contact vendor for latest firmware
Vendor Advisory: https://ics-cert.us-cert.gov/advisories/ICSA-17-208-03
Restart Required: Yes
Instructions:
1. Contact PDQ Manufacturing for latest firmware updates.
2. Apply firmware updates to all affected systems.
3. Restart systems after update.
4. Verify authentication is properly enforced.
🔧 Temporary Workarounds
Network Segmentation
Isolate car wash control systems from untrusted networks and internet access
Access Control Lists
Implement network ACLs to restrict access to car wash controller web interfaces
🧯 If You Can't Patch
- Segment affected systems on isolated VLAN with strict firewall rules
- Implement additional authentication layer (VPN, reverse proxy with auth) before reaching vulnerable interface
🔍 How to Verify
Check if Vulnerable:
Attempt to access web interface without valid credentials. If access is granted, system is vulnerable.
Check Version:
Check firmware version via web interface or contact PDQ Manufacturing for version verification
Verify Fix Applied:
After update, attempt authentication bypass. Access should be denied without proper credentials.
📡 Detection & Monitoring
Log Indicators:
- Failed authentication attempts followed by successful access
- Access from unexpected IP addresses
- Configuration changes without authentication logs
Network Indicators:
- HTTP requests to car wash controllers without authentication headers
- Unusual traffic patterns to controller web ports
SIEM Query:
source_ip=* AND dest_port=(80,443,8080) AND http_user_agent contains 'car wash' AND NOT auth_success=true
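The three log indicators listed above can be checked over access logs from a reverse proxy placed in front of the controller web interface. The following is an added example, not code from the advisory or from PDQ. The log format, paths, IP addresses, management subnet and time window are all constructed assumptions.

```python
import ipaddress
from datetime import datetime, timedelta

# Constructed sample: access log of a proxy in front of a controller web interface.
# Assumed fields: ISO timestamp, client IP, authenticated user ("-" if none), method, path, status.
SAMPLE_LOG = """\
2024-05-01T10:00:00 10.20.0.5 operator GET /status 200
2024-05-01T10:01:00 203.0.113.9 - POST /login 401
2024-05-01T10:01:05 203.0.113.9 - POST /login 401
2024-05-01T10:01:20 203.0.113.9 - GET /status 200
2024-05-01T10:02:00 203.0.113.9 - POST /config 200
2024-05-01T10:05:00 10.20.0.5 operator POST /config 200
"""

ALLOWED_NETS = [ipaddress.ip_network("10.20.0.0/24")]  # assumed management VLAN
WINDOW = timedelta(minutes=5)  # assumed correlation window

def detect(log_text):
    """Return (indicator, client_ip, path) tuples for the three log indicators."""
    alerts, last_fail, flagged_sources = [], {}, set()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts_raw, ip, user, method, path, status_raw = line.split()
        ts, status = datetime.fromisoformat(ts_raw), int(status_raw)
        # Indicator: access from unexpected IP addresses (reported once per source).
        addr = ipaddress.ip_address(ip)
        if ip not in flagged_sources and not any(addr in n for n in ALLOWED_NETS):
            flagged_sources.add(ip)
            alerts.append(("unexpected_source", ip, path))
        if status in (401, 403):
            last_fail[ip] = ts  # remember the most recent failed attempt
            continue
        if 200 <= status < 300 and user == "-":
            # Indicator: failed authentication followed by successful access,
            # where the successful request carries no authenticated identity.
            if ip in last_fail and ts - last_fail[ip] <= WINDOW:
                alerts.append(("success_after_failure", ip, path))
            # Indicator: state-changing request with no authentication record.
            if method in ("POST", "PUT", "DELETE"):
                alerts.append(("unauthenticated_change", ip, path))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```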