CERT mailing list archives
Digital Alert Systems and Monroe Electronics EAS Firmware Security Advisory
From: "US-CERT" <US-CERT () public govdelivery com>
Date: Wed, 26 Jun 2013 16:05:04 -0500
US Computer Emergency Readiness Team banner graphic National Cyber Awareness System: Digital Alert Systems and Monroe Electronics EAS Firmware Security Advisory [ https://www.us-cert.gov/ncas/current-activity/2013/06/26/Digital-Alert-Systems-and-Monroe-Electronics-EAS-Firmware-Security ] 06/26/2013 04:25 PM EDT Original release date: June 26, 2013 Digital Alert Systems' DASDEC [ http://www.digitalalertsystems.com/pdf/130604-Monroe-Security-PR.pdf ] and Monroe Electronics' One-Net E189 [ http://www.monroe-electronics.com/MONROE_ELECTRONICS_PDF/130604-Monroe-Security-PR.pdf ] Emergency Alert System (EAS) encoder/decoder (ENDEC) devices exposed a shared private root SSH key in publicly available firmware images. Additional information is also available in CERT Vulnerability Note VU#662676 [ http://www.kb.cert.org/vuls/id/662676 ]. US-CERT recommends that users and administrators review the CERT Vulnerability Note VU#662676 [ http://www.kb.cert.org/vuls/id/662676 ] and apply one or more of the recommended solutions. ________________________________________________________________________ This product is provided subject to this Notification [ http://www.us-cert.gov/privacy/notification ] and this Privacy & Use [ http://www.us-cert.gov/privacy/ ] policy. ________________________________________________________________________ OTHER RESOURCES: Contact Us [ http://www.us-cert.gov/contact-us/ ] | Security Publications [ http://www.us-cert.gov/security-publications ] | Alerts and Tips [ http://www.us-cert.gov/ncas ] | Related Resources [ http://www.us-cert.gov/related-resources ] STAY CONNECTED: Sign up for email updates [ http://public.govdelivery.com/accounts/USDHSUSCERT/subscriber/new ]
Current thread:
- Digital Alert Systems and Monroe Electronics EAS Firmware Security Advisory US-CERT (Jun 26)