Hardcoded SSH Keys Vulnerability in Advantech EKI Devices
CVE-2015-6476

Currently unrated

Key Information:

Vendor: Advantech
Status: Eki-1321 Series Firmware; Eki-1322 Series Firmware
Vendor: CVE Published:; 7 November 2015

Summary

Certain Advantech EKI Series devices are exposed to a security risk due to hardcoded SSH keys in their firmware versions prior to specified updates. This vulnerability allows remote attackers to potentially gain unauthorized access to the devices via SSH sessions, compromising system integrity and exposing sensitive information. Users are urged to update their firmware to the latest versions to mitigate this risk.

References

https://ics-cert.us-cert.gov/advisories/ICSA-15-309-01

x_refsource_MISC

Timeline

Vulnerability published
Nov 7, 2015
Vulnerability Reserved
Aug 17, 2015