Janitza UMG 96-PA and UMG 96-PA-MID+ Modbus Interface Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in Janitza UMG 96-PA and UMG 96-PA-MID+ devices running firmware prior to 3.54. An unauthenticated remote attacker can exploit this vulnerability by sending a specially crafted Modbus read command, causing the device to become unresponsive and unavailable until it is restarted. The issue also disrupts the device's measurement functions, leading to a loss of operational capability until the next reboot.

Impact

Exploitation of this vulnerability causes the device to become unresponsive, failing to process requests or perform measurement functions effectively. This unavailability persists until the device is restarted.

Remediation

Users are advised to update the device to version 3.54 or later, and to operate the device in a closed network protected by a suitable firewall, limiting network access to only necessary components. Special attention should be given to the Modbus protocol, as it is the core communication method for these devices.
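The following added example (not part of the original advisory or any Janitza tooling) shows one way to check the remediation above: it flags Modbus connections to meters from sources outside an allowlist and raises the severity when the target runs firmware prior to 3.54. The inventory, addresses, allowlist and flow-record format are constructed, and it assumes Modbus/TCP on the default port 502 and that firmware version components compare numerically.

```python
import ipaddress

FIXED_FIRMWARE = (3, 54)  # first fixed version named in the advisory
MODBUS_TCP_PORT = 502     # assumption: meters listen on the default Modbus/TCP port

# Constructed inventory: meter IP -> (model, firmware version)
INVENTORY = {
    "10.20.0.11": ("UMG 96-PA", "3.52"),
    "10.20.0.12": ("UMG 96-PA-MID+", "3.54"),
    "10.20.0.13": ("UMG 96-PA", "3.60"),
}
# Constructed allowlist: the only subnet that needs to poll the meters
ALLOWED_SOURCES = [ipaddress.ip_network("10.20.1.0/28")]
# Constructed flow records, one per line: "source destination dest_port"
FLOWS = """\
10.20.1.5 10.20.0.11 502
10.30.7.44 10.20.0.11 502
10.30.7.44 10.20.0.12 502
10.20.1.6 10.20.0.13 502
10.30.7.44 10.20.0.13 80
"""

def is_vulnerable(firmware):
    """True when the firmware is prior to the fixed version (numeric compare)."""
    version = tuple(int(part) for part in firmware.strip().split("."))
    return version < FIXED_FIRMWARE

def audit(flows, inventory, allowed):
    """Return (src, dst, severity) for Modbus flows from non-allowlisted sources."""
    findings = []
    for line in flows.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed records
        src, dst, dport = parts
        if dst not in inventory or int(dport) != MODBUS_TCP_PORT:
            continue  # not a Modbus flow to a known meter
        if any(ipaddress.ip_address(src) in net for net in allowed):
            continue  # expected poller
        _model, firmware = inventory[dst]
        # Unpatched meter reachable from outside the allowlist: fix first.
        severity = "high" if is_vulnerable(firmware) else "policy"
        findings.append((src, dst, severity))
    return findings

if __name__ == "__main__":
    for src, dst, severity in audit(FLOWS, INVENTORY, ALLOWED_SOURCES):
        print(f"[{severity}] {src} -> {dst}:{MODBUS_TCP_PORT}")
```

A "policy" finding means the meter is patched but the firewall still permits Modbus from a source that should not reach it.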

Added: Nov 24, 2025, 12:17 PM
Updated: Nov 24, 2025, 12:17 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 7.4
remediation: 7.7
relevance: 1.1
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.