An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Unauthenticated memory corruption can occur in the HTTP header parsing mechanism.
The vulnerability is classified as CWE-444 (HTTP Request/Response Smuggling), indicating improper interpretation or processing of HTTP headers by the device. An attacker sends a specially crafted HTTP request containing improperly constructed headers that cause memory corruption in their parsing mechanism. Since this process does not require authentication, any network client with access to the device's HTTP interface can conduct the attack.
An attacker can remotely cause a breach of confidentiality, integrity, and availability of the device, potentially taking control of it or causing instability. In the context of industrial event recorders, disruption of device operation may prevent the recording of electrical network faults.
Apply patches available from the manufacturer according to references (https://www.elspec-ltd.com/support/security-advisories/). Until an update is applied, it is recommended to isolate the device from public networks and restrict access to the HTTP interface only to trusted hosts using a firewall or network segmentation.
Elspec G5 Digital Fault Recorder (G5Dfr) in firmware version 1.1.4.15 and earlier
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HElspec Ltd G5dfr
HWElspec-Ltdwszystkie wersjeElspec Ltd G5dfr Firmware
OSElspec-Ltd< 1.2.1.12
Related vulnerabilities
Elspec G5 – nieuwierzytelnione uszkodzenie pamięci podczas parsowania XML
An XML External Entity (XXE) vulnerability in Elspec Engineering G5 Digital Fault Recorder Firmware v1.2.1.12 ...
An issue was discovered in Elspec G5 digital fault recorder version 1.2.1.12 and earlier. An XML External Enti...
Elspec Engineering G5 Digital Fault Recorder Firmware v1.2.1.12 was discovered to contain a buffer overflow.
An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Directory traversal ...