CubeSpace CW0057 Reaction Wheel

Summary

CubeSpace CW0057 Reaction Wheel firmware versions prior to 5.0.20 are vulnerable to an Improper Verification of Cryptographic Signature flaw. Successful exploitation, requiring physical access, could allow an attacker to upload arbitrary malicious firmware to the device.

IFF Assessment

FOE

The vulnerability allows an attacker to upload malicious firmware, posing a direct threat to the integrity and operation of critical infrastructure devices.

Severity

6.1 Medium

The CVSS v3 score of 6.1 reflects a medium severity rating. While remote exploitation is not possible, the vulnerability allows for arbitrary firmware upload, which could lead to significant impact on device functionality if exploited by an attacker with physical access.

Defender Context

This alert highlights a critical vulnerability in industrial control systems (ICS) used in the communications sector. Defenders should be aware of potential physical access vectors for attackers and prioritize patching or applying vendor-recommended mitigations, including enabling signed-boot functionality, to prevent unauthorized firmware modifications.
