Ingecon Sun EMS Board Privilege Escalation Vulnerability via Insecure Credential Generation
Vulnerability
A privilege escalation vulnerability has been identified in the Ingecon Sun EMS Board. It stems from the insecure generation of access credentials for the local SAT (Technical Support) functionality: the generation relies on a weak hashing algorithm that does not provide a secure cryptographic basis for the credentials. The vulnerability affects several firmware versions, including AAX1055CT or earlier, ABU1001_P or earlier, ACL1201_B or earlier, ACL1200AL or earlier, ABH1027_K or earlier, ABH1007_Z or earlier, ABS1009_L or earlier, ABS1005_T or earlier, ACB1005_A or earlier, and AAX1031CN or earlier.
Impact
Exploitation of this vulnerability could lead to unauthorized privilege escalation, allowing an attacker to gain elevated access rights on the affected device.
Remediation
Users are advised to update to the latest firmware versions. The fixed version to install depends on the firmware version currently in use. Instructions for updating can be found in the official advisory from INCIBE.
