CVE-2024-12013
📋 TL;DR
The 130.8005 TCP/IP Gateway with firmware version 12h exposes an FTP server with default admin credentials, allowing remote attackers to access configuration files containing password hashes and network settings. This affects organizations using this specific industrial control system gateway with vulnerable firmware.
💻 Affected Systems
- 130.8005 TCP/IP Gateway
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attacker gains full administrative control, modifies network settings to redirect traffic, extracts password hashes for credential reuse, and potentially disrupts industrial operations.
Likely Case
Attacker accesses configuration files, extracts password hashes for lateral movement, and modifies network settings to enable further attacks.
If Mitigated
Attack is prevented by network segmentation and credential changes, limiting impact to isolated network segments.
🎯 Exploit Status
Requires FTP access and knowledge of the default credentials, but no authentication bypass is needed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Firmware version after 12h
Vendor Advisory: https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-12013
Restart Required: No
Instructions:
1. Download latest firmware from vendor.
2. Upload via management interface.
3. Apply update without restart.
🔧 Temporary Workarounds
Change FTP Credentials
Immediately change default FTP admin credentials to strong, unique passwords.
Use device management interface to modify FTP service credentials
Disable FTP Service
Disable FTP server if not required for operations.
Use device management interface to disable FTP service
🧯 If You Can't Patch
- Implement network segmentation to isolate device from untrusted networks
- Deploy network monitoring to detect FTP brute-force attempts
🔍 How to Verify
Check if Vulnerable:
Check firmware version via device management interface and verify if FTP service uses default credentials.
Check Version:
Check device management interface for firmware version information
Verify Fix Applied:
Confirm the firmware version is updated and verify that FTP access with the old credentials fails.
📡 Detection & Monitoring
Log Indicators:
- Multiple failed FTP login attempts
- Successful FTP logins from unexpected IPs
- Configuration file modification timestamps
Network Indicators:
- FTP traffic to device on port 21
- Brute-force patterns in FTP authentication
SIEM Query:
source="device_logs" ftp AND (login_failed > 5 OR login_success)
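The log indicators above, applied to FTP authentication events, as an added example that is not part of the original page or the vendor's tooling. The log line format, the `10.20.0.0/24` management subnet and the sample events are constructed assumptions; the threshold of 5 mirrors the SIEM query.

```python
import ipaddress
import re
from collections import Counter

# Assumed line format (constructed; the gateway's real log format is not on the page).
LINE_RE = re.compile(r"ftp login (?P<result>failed|success) user=(?P<user>\S+) src=(?P<src>\S+)")
FAILED_THRESHOLD = 5  # mirrors "login_failed > 5" in the SIEM query
# Hypothetical management subnet that is expected to use FTP on the gateway.
EXPECTED_SOURCES = [ipaddress.ip_network("10.20.0.0/24")]

# Constructed sample events: one expected login, a burst of failures, two unexpected logins.
SAMPLE_LOG = "\n".join(
    ["2024-12-10T08:00:01Z ftp login success user=admin src=10.20.0.15"]
    + [f"2024-12-10T09:14:{s:02d}Z ftp login failed user=admin src=203.0.113.50" for s in range(6)]
    + ["2024-12-10T09:14:09Z ftp login success user=admin src=203.0.113.50",
       "2024-12-10T11:30:44Z ftp login success user=admin src=198.51.100.9"]
)

def is_expected(src):
    """True if src parses as an IP inside an expected network; unparsable values are unexpected."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False
    return any(addr in net for net in EXPECTED_SOURCES)

def analyze(log_text):
    """Return (alert_type, source_ip) tuples in the order they fire."""
    failures = Counter()
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        src = m["src"]
        if m["result"] == "failed":
            failures[src] += 1
            if failures[src] == FAILED_THRESHOLD + 1:  # alert once, when the count exceeds 5
                alerts.append(("brute_force", src))
        else:
            if not is_expected(src):
                alerts.append(("unexpected_source_login", src))
            if failures[src] > 0:  # a success after failures deserves a closer look
                alerts.append(("success_after_failures", src))
    return alerts

if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG):
        print(alert)
```
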