Advantech WISE-4060LAN Modbus Packet Injection Vulnerability

A vulnerability exists in the Advantech WISE-4060LAN IoT Gateway, specifically in the Modbus TCP implementation for door control. This issue allows unauthenticated, remote attackers to send Modbus TCP packets that manipulate the Digital Outputs of the device. Exploitation could lead to unauthorized control of relay channels, causing operational or safety risks, such as disrupting controlled systems or creating unsafe conditions.

Impact

Exploitation of this vulnerability allows remote manipulation of the device's Digital Output channels, potentially leading to unauthorized control of connected systems, such as power relays or alarms. In this case, the vulnerability affects a door control system, where unauthorized actions could disrupt normal operations or create safety hazards.

Reproduction

The vulnerability can be reproduced by sending Modbus TCP packets to the WISE-4060LAN module over the network. The 'main.py' script available in the GitHub repository 'shipcod3/CVE-2025-48466' automates this process by fuzzing the addresses of the Digital Output channels. Successful exploitation can be verified by checking the response from the device; a response ending in '0x00' indicates a successful manipulation, while '0x02' signifies a failure.

Remediation

Users and administrators are advised to update to firmware version A2.02 B00, which addresses this vulnerability by introducing the option to manually disable Modbus TCP communication. After updating, Modbus TCP should be disabled if not required for the device's operation.