Security News > 2021 > June > Industrial Switches From Several Vendors Affected by Same Vulnerabilities
Industrial switches provided by several vendors are affected by the same vulnerabilities due to the fact that they share firmware made by Taiwan-based industrial networking solutions provider Korenix Technology.
The firmware developed by Korenix for its JetNet industrial switches is also used by Westermo for PMI-110-F2G and Pepperl+Fuchs for Comtrol RocketLinx industrial switches.
SEC Consult says devices made by these companies share a "Partially similar firmware base" and they are affected by the same vulnerabilities.
According to Thomas Weber, the SEC Consult researcher who discovered the vulnerabilities, the switches are used in key positions within the network and an attacker could exploit the vulnerabilities to cut off the network connection to attached systems.
Learn more about vulnerabilities in industrial systems at SecurityWeek's ICS Cyber Security Conference and SecurityWeek's Security Summits virtual event series.
SEC Consult's initial attempts to get Korenix to patch the vulnerabilities failed, until late November 2020, when the company had been preparing to make its findings public.