Electro Industries GaugeTech Multiple Vulnerabilities

Vendor: Electro Industries GaugeTech (apparently also marketed as ‘GE Power Leader Web Solutions’)
Nexus 1250
Nexus 1262
Nexus 1272
Nexus 1500
Product link: http://www.electroind.com/dl_page_nexus-meters.html
Shodan: EIG Embedded Web Server

By default, access is unauthenticated: anyone can get information on the power meter, and the interface also reveals the internal IP and gateway.

According to the Nexus 1500 manual:

NOTE: If password protection is not enabled for the meter, the default username and password are both “anonymous”.

With that default, you can access http://host/update1.htm and upload custom/malicious firmware.

Discovered: 2013-04-10
ICS-CERT notified: 2013-04-11
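
A defender-side check for the exposure described above, added here as an example and not part of the original advisory: it scans HTTP access logs from a proxy or sensor in front of the meters for requests to /update1.htm that come from outside a management network or use the default “anonymous” account. The common log format, the MGMT_NETS range and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumption: engineering workstations allowed to manage meters sit in this range.
MGMT_NETS = [ipaddress.ip_network("10.20.0.0/24")]
FIRMWARE_PAGE = "/update1.htm"  # firmware upload page named in the advisory
DEFAULT_USER = "anonymous"      # default account per the Nexus 1500 manual

# Common log format: src ident user [time] "METHOD path proto" status size
LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+')

def findings(lines):
    """Flag firmware-page requests from outside MGMT_NETS or by the default account."""
    out = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a parsable request line
        # Query string and case are ignored so path variants still match.
        if m["path"].split("?", 1)[0].lower() != FIRMWARE_PAGE:
            continue
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            continue  # source logged as a hostname; out of scope here
        reasons = []
        if not any(src in net for net in MGMT_NETS):
            reasons.append("source outside management network")
        if m["user"].lower() == DEFAULT_USER:
            reasons.append("default 'anonymous' account")
        if reasons:
            severity = "high" if m["method"] in ("POST", "PUT") else "medium"
            out.append({"ts": m["ts"], "src": str(src), "method": m["method"],
                        "severity": severity, "reasons": reasons})
    return out

# Constructed sample lines (documentation address ranges, not real traffic).
SAMPLE = [
    '10.20.0.5 - engineer [10/Apr/2013:09:12:01 +0000] "GET /update1.htm HTTP/1.1" 200 1843',
    '198.51.100.7 - - [10/Apr/2013:09:15:44 +0000] "GET /index.htm HTTP/1.1" 200 5120',
    '198.51.100.7 - anonymous [10/Apr/2013:09:16:02 +0000] "GET /update1.htm HTTP/1.1" 200 1843',
    '198.51.100.7 - anonymous [10/Apr/2013:09:16:30 +0000] "POST /update1.htm HTTP/1.1" 200 312',
    '10.20.0.9 - anonymous [10/Apr/2013:09:20:10 +0000] "GET /Update1.htm?x=1 HTTP/1.1" 200 1843',
]

if __name__ == "__main__":
    for f in findings(SAMPLE):
        print(f)
```

A POST or PUT to the page is rated higher than a GET because it indicates a write to the upload page rather than a page view.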

