CVE-2023-22584

7.5 HIGH

📋 TL;DR

The Danfoss AK-EM100 energy meter stores login credentials in cleartext, allowing attackers with physical or logical access to read sensitive authentication data. This affects all organizations using vulnerable AK-EM100 devices for energy monitoring and management.

💻 Affected Systems

Products:
  • Danfoss AK-EM100
Versions: All versions prior to patched firmware
Operating Systems: Embedded system
Default Config Vulnerable: ⚠️ Yes
Notes: All AK-EM100 devices with default configuration are vulnerable. The vulnerability exists in how the device stores authentication data.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers gain administrative access to energy management systems, potentially manipulating energy data, disrupting operations, or using the device as an initial foothold into industrial networks.

🟠 Likely Case

Unauthorized users read stored credentials and gain access to the device's web interface, compromising energy monitoring data and basic device controls.

🟢 If Mitigated

With proper network segmentation and access controls, impact is limited to credential exposure without lateral movement opportunities.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires access to stored credential files, which can be obtained through physical access or network access to the device's file system.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Contact Danfoss for updated firmware

Vendor Advisory: https://csirt.divd.nl/CVE-2023-22584/

Restart Required: Yes

Instructions:

1. Contact Danfoss support for updated firmware.
2. Backup device configuration.
3. Apply firmware update via web interface or local connection.
4. Verify credentials are now encrypted.
5. Change all passwords after update.

🔧 Temporary Workarounds

Network Segmentation (applies to: all)

Isolate AK-EM100 devices on separate VLANs with strict firewall rules to limit access.

Access Control Hardening (applies to: all)

Implement strict physical and logical access controls to prevent unauthorized access to devices.

🧯 If You Can't Patch

  • Implement network segmentation to isolate vulnerable devices from critical systems
  • Enable logging and monitoring for unauthorized access attempts to AK-EM100 devices

🔍 How to Verify

Check if Vulnerable:

Check if login credentials are stored in cleartext in device configuration files or memory. Requires access to device file system.

Check Version:

Check firmware version via web interface at http://[device-ip]/ or via serial connection

Verify Fix Applied:

After patching, verify that credentials are no longer visible in cleartext in configuration files or memory dumps.
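
One way to run the cleartext check described above against an exported configuration file or memory dump, as an added example (not Danfoss tooling and not part of the advisory): set a throwaway test credential on the device, export the data, and search it for that credential in plain, UTF-16LE, base64 and hex form. The sample dumps, their layout and the credential are constructed and do not reflect the AK-EM100's real storage format.

```python
import base64
import getpass
import sys

# Constructed sample data; not the AK-EM100's real storage format.
TEST_SECRET = "Test-Cred-4711"
SAMPLE_BEFORE = (b"[web]\r\nuser=admin\r\npassword=Test-Cred-4711\r\n"
                 + b"\x00" * 8 + TEST_SECRET.encode("utf-16-le"))
SAMPLE_AFTER = b"[web]\r\nuser=admin\r\npassword_hash=<placeholder>\r\n"


def find_secret(dump: bytes, secret: str) -> list[tuple[str, int]]:
    """Return (encoding, offset) for each place the known secret is readable."""
    if len(secret) < 6:
        raise ValueError("use a test credential of at least 6 characters")
    raw = secret.encode("utf-8")
    probes = [
        ("utf-8", raw, dump),
        ("utf-16le", secret.encode("utf-16-le"), dump),
        # Matches only when the secret was base64-encoded on its own.
        ("base64", base64.b64encode(raw), dump),
        # bytes.lower() keeps offsets, so upper-case hex is found too.
        ("hex", raw.hex().encode("ascii"), dump.lower()),
    ]
    hits = []
    for name, pattern, haystack in probes:
        pos = haystack.find(pattern)
        while pos != -1:
            hits.append((name, pos))
            pos = haystack.find(pattern, pos + 1)
    return sorted(hits, key=lambda hit: hit[1])


def verdict(dump: bytes, secret: str) -> str:
    """Summarise the findings for one dump as a single line."""
    hits = find_secret(dump, secret)
    if not hits:
        return "no readable copy found"
    return "EXPOSED: " + ", ".join(f"{n}@0x{o:x}" for n, o in hits)


if __name__ == "__main__":
    if len(sys.argv) == 2:  # path to an exported config or dump
        with open(sys.argv[1], "rb") as fh:
            print(verdict(fh.read(), getpass.getpass("Test credential: ")))
    else:
        print("before:", verdict(SAMPLE_BEFORE, TEST_SECRET))
        print("after: ", verdict(SAMPLE_AFTER, TEST_SECRET))
```

A clean result only shows that this credential is not stored in the forms searched; it does not prove the storage is cryptographically sound. Change the test credential once the check is done.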

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed login attempts followed by successful login from unusual IP
  • Unauthorized configuration file access attempts

Network Indicators:

  • Unusual network traffic to/from AK-EM100 devices
  • Credential harvesting attempts targeting device IPs

SIEM Query:

source="ak-em100" AND (event_type="auth_failure" OR event_type="config_access")
