Independent researcher Maxim Rupp has identified two remote vulnerabilities in Honeywell’s Midas gas detector.
The following Midas versions are affected:
Midas, Version 1.13b1 and prior versions, and
Midas Black, Version 2.13b1 and prior versions.
IMPACT
Successful exploitation of these vulnerabilities could allow a remote attacker to gain unauthenticated access to the device, potentially allowing configuration changes, as well as the initiation of calibration or test processes.
The affected products, Midas and Midas Black gas detectors, test air for specific toxic, flammable, and ambient gases.
VULNERABILITIES OVERVIEW
CVE-2015-7907: PATH TRAVERSAL
The web server interface allows the authentication process to be bypassed, potentially allowing unauthorized configuration changes to be made to the device, as well as the initiation of calibration or test processes.
CVE-2015-7908: CLEARTEXT PASSWORD TRANSMISSION
The user’s password is not encrypted during transmission.
MITIGATION
Honeywell has released new firmware versions of the Midas and Midas Black gas detectors, which address the identified vulnerabilities. The new firmware versions for the Midas gas detector, Version 1.13b3, and the Midas Black gas detector, Version 2.13b3.