MBS Universal BACnet Router UBR Pass Filter Misconfiguration Vulnerability
Vulnerability
A vulnerability exists in the web interface of the MBS Universal BACnet Router (UBR), specifically in how it handles pass filters. An administrator may configure a pass filter with an empty table, believing it will block all network traffic. In practice, an empty list enforces no restrictions and all traffic passes unfiltered. Connections the installer intended to block are therefore still accepted, which could lead to unauthorized access.
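The gap between what the administrator expects and what an empty table does can be modelled as two evaluation rules plus a configuration check. This is an added illustration, not MBS firmware code or the UBR's configuration format; the `PassFilter` structure, the `enabled` flag, filtering by network number, and the port names are all assumptions made for the example.

```python
"""Model of a pass filter (allow-list) with an empty table.
Constructed illustration; not MBS firmware code or its config format."""
from dataclasses import dataclass, field


@dataclass
class PassFilter:
    enabled: bool                                       # filter switched on (assumed field)
    allowed_networks: set = field(default_factory=set)  # network numbers (assumed key)


def permits_fail_open(f: PassFilter, source_network: int) -> bool:
    """Behaviour the advisory describes: an empty table restricts nothing."""
    if not f.enabled or not f.allowed_networks:
        return True
    return source_network in f.allowed_networks


def permits_fail_closed(f: PassFilter, source_network: int) -> bool:
    """What the administrator expects: enabled with an empty table blocks all."""
    if not f.enabled:
        return True
    return source_network in f.allowed_networks


def audit(filters: dict) -> list:
    """Names of filters that are enabled but empty, i.e. the only case
    where the two interpretations above disagree."""
    return sorted(name for name, f in filters.items()
                  if f.enabled and not f.allowed_networks)


# Constructed sample configuration; port names and network numbers are made up.
SAMPLE = {
    "bacnet-ip-1": PassFilter(enabled=True, allowed_networks={100, 200}),
    "mstp-1": PassFilter(enabled=True),   # empty table, intended as "block all"
    "bacnet-ip-2": PassFilter(enabled=False),
}

if __name__ == "__main__":
    for name in audit(SAMPLE):
        print(f"{name}: enabled pass filter with an empty table; "
              "confirm traffic is actually blocked or update the firmware")
```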
Impact
Exploiting this vulnerability could result in unrestricted network access, allowing traffic from all networks to pass through unfiltered. This could lead to unauthorized access or interference with networked systems.
Remediation
Users are advised to update to the latest UBR firmware version 6.0.1.0, which addresses this vulnerability. For more details, please check the release notes on the MBS Solutions website.
