CVE-2021-27440

9.8 CRITICAL

📋 TL;DR

The Reason DR60 industrial device contains a hard-coded password that cannot be changed, allowing attackers to gain unauthorized access. This affects all Reason DR60 devices with firmware versions prior to 02A04.1, potentially compromising industrial control systems.

💻 Affected Systems

Products:
  • Reason DR60
Versions: All firmware versions prior to 02A04.1
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: All Reason DR60 devices are vulnerable by default due to the hard-coded password that cannot be changed by users.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of industrial control systems, unauthorized access to sensitive industrial networks, potential manipulation of physical processes, and disruption of critical infrastructure operations.

🟠 Likely Case

Unauthorized access to the DR60 device, network reconnaissance, credential theft, and lateral movement within industrial networks.

🟢 If Mitigated

Limited impact if the device is isolated in segmented networks with strict access controls and monitoring.

🌐 Internet-Facing: HIGH - If exposed to the internet, attackers can easily exploit the hard-coded credentials.
🏢 Internal Only: HIGH - Even internally, attackers with network access can exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only knowledge of the hard-coded password and network access to the device.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 02A04.1

Vendor Advisory: https://us-cert.cisa.gov/ics/advisories/icsa-21-082-03

Restart Required: Yes

Instructions:

1. Download firmware version 02A04.1 from Reason official sources.
2. Follow Reason's firmware update procedure for DR60 devices.
3. Verify successful update and restart device.

🔧 Temporary Workarounds

Network Segmentation

Isolate DR60 devices in separate network segments with strict firewall rules

Access Control Lists

Implement strict network access controls to limit connections to DR60 devices

🧯 If You Can't Patch

  • Segment DR60 devices in isolated VLANs with strict firewall rules
  • Implement network monitoring and intrusion detection for unauthorized access attempts
  • Disable unnecessary services and ports on DR60 devices

🔍 How to Verify

Check if Vulnerable:

Check the firmware version in the DR60 device web interface or console. If the version is below 02A04.1, the device is vulnerable.

Check Version:

Check device web interface at System > Firmware or use console commands specific to DR60

Verify Fix Applied:

Verify firmware version shows 02A04.1 or higher in device interface.

📡 Detection & Monitoring

Log Indicators:

  • Failed authentication attempts followed by successful login
  • Unauthorized access from unexpected IP addresses
  • Configuration changes from unknown users

Network Indicators:

  • Unexpected connections to DR60 management ports
  • Traffic patterns indicating reconnaissance
  • Authentication attempts using default credentials

SIEM Query:

source="DR60" AND (event_type="authentication" AND result="success") AND user="default"
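
The first two log indicators above (a successful login that follows failed attempts, and access from an unexpected address) can be correlated in a few lines. This is an added example, not vendor or advisory code: the event layout reuses the field names from the SIEM query, while `ts`, `src_ip`, the allowlist, the five-minute window and every sample event are constructed assumptions.

```python
from datetime import datetime, timedelta

# Hypothetical allowlist of management hosts permitted to reach DR60 devices.
ALLOWED_SOURCES = {"10.20.0.5"}
WINDOW = timedelta(minutes=5)  # assumed correlation window

# Constructed sample events. "event_type", "result" and "user" follow the
# SIEM query above; "ts" and "src_ip" are assumed field names.
SAMPLE_EVENTS = [
    {"ts": "2021-03-23T10:00:00", "src_ip": "10.20.0.5", "event_type": "authentication", "result": "success", "user": "operator"},
    {"ts": "2021-03-23T10:01:00", "src_ip": "10.20.9.77", "event_type": "authentication", "result": "failure", "user": "admin"},
    {"ts": "2021-03-23T10:01:20", "src_ip": "10.20.9.77", "event_type": "authentication", "result": "failure", "user": "root"},
    {"ts": "2021-03-23T10:02:00", "src_ip": "10.20.9.77", "event_type": "authentication", "result": "success", "user": "default"},
    {"ts": "2021-03-23T10:03:00", "src_ip": "10.20.9.77", "event_type": "config_change", "result": "success", "user": "default"},
    {"ts": "2021-03-23T11:00:00", "src_ip": "10.20.0.5", "event_type": "authentication", "result": "failure", "user": "operator"},
    {"ts": "2021-03-23T11:30:00", "src_ip": "10.20.0.5", "event_type": "authentication", "result": "success", "user": "operator"},
]


def detect(events, allowed=ALLOWED_SOURCES, window=WINDOW):
    """Return (timestamp, src_ip, reason) alerts for suspicious successful logins."""
    alerts = []
    last_failure = {}  # src_ip -> time of the most recent failed attempt
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["event_type"] != "authentication":
            continue
        ts = datetime.fromisoformat(ev["ts"])
        src = ev["src_ip"]
        if ev["result"] == "failure":
            last_failure[src] = ts
            continue
        if ev["result"] != "success":
            continue
        # Indicator: access from an address outside the management allowlist.
        if src not in allowed:
            alerts.append((ev["ts"], src, "login from unexpected source"))
        # Indicator: success shortly after failed attempts from the same source.
        failed_at = last_failure.pop(src, None)
        if failed_at is not None and ts - failed_at <= window:
            alerts.append((ev["ts"], src, "success after failed attempts"))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

The logic keys on source address and event sequence rather than on an account name, so it does not depend on knowing which user the device logs for the hard-coded credential.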
