[EAS] Fwd: Monroe Electronics One-Net DASDEC boxes -- Risks of Internet exposure in US
Shawn Merdinger
shawnmer at gmail.com
Sat Apr 4 09:11:03 CDT 2020
---------- Forwarded message ----------
From: Shawn Merdinger <shawnmer at gmail.com>
Friday, 3 April 2020
This is addressed to the Broad Engineering Community.
There remains significant Internet exposure of admin login interfaces
on HTTP and HTTPS of Monroe Electronics One-Net DASDEC devices.
Monroe Electronics One-Net DASDEC with same SSH Key Fingerprint:
"e4:96:eb:de:a0:b5:65:b5:30:ab:aa:57:f5:09:5e:f8" is strange. A
shared SSH key fingerprint across multiple devices also exists, and
specifically is NOT the same SSH key fingerprint in the US CERT
advisory: https://www.us-cert.gov/ics/advisories/ICSA-13-184-02 Why
is this? Where did this SSH key come from and why is it across 23
devices in the wild right now?
Risk of this kind of exposure includes Internet based attacks against
the device like brute force logins, as well as automated attacks that
may place burdens on the device (i.e. CPU/memory impact), potentially
impacting intended device operations. The SSH key fingerprint issue
needs investigation.
For security hardening, please refer to the vendor and also to SBE.org
EAS security notes: https://www.sbe.org/sections/news/EASsecurity.php
Exposed device details are available via Shodan and each IP address
has its own Shodan page -- the Shodan page URL for each Monroe
Electronics One-Net DASDEC device is below.
Monroe Electronics One-Net DASDEC with HTTP Exposed (62 HTTP TCP/80
server instances)
Shodan Search:
https://www.shodan.io/search?query=title%3A%22Monroe+Electronics+One-Net%22+port%3A%2280%22
Monroe Electronics One-Net DASDEC with HTTP Exposed (64 HTTPS TCP/443
server instances)
https://www.shodan.io/search?query=title%3A%22Monroe+Electronics+One-Net%22+port%3A%22443%22
Monroe Electronics One-Net DASDEC with same SSH Key Fingerprint:
"e4:96:eb:de:a0:b5:65:b5:30:ab:aa:57:f5:09:5e:f8"
Shodan Search:
https://www.shodan.io/search?query=%22e4%3A96%3Aeb%3Ade%3Aa0%3Ab5%3A65%3Ab5%3A30%3Aab%3Aaa%3A57%3Af5%3A09%3A5e%3Af8%22
Background:
https://securityledger.com/2020/01/seven-years-later-scores-of-eas-systems-sit-un-patched-vulnerable/
--scm
Shawn Merdinger
Security Researcher
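
Added example, not part of the original post: a check an operator can run over `ssh-keyscan`-style output from devices they administer, to see whether any SSH host key is shared between units or matches the fingerprint quoted above. The 16 colon-separated bytes are the legacy MD5 fingerprint format; the addresses and key blobs below are constructed placeholders, and the function names are this example's own.

```python
import base64
import hashlib
from collections import defaultdict

# Fingerprint quoted in the post above (legacy MD5 colon-hex format).
REPORTED_FP = "e4:96:eb:de:a0:b5:65:b5:30:ab:aa:57:f5:09:5e:f8"


def md5_fingerprint(key_b64: str) -> str:
    """Legacy SSH fingerprint: MD5 over the decoded public key blob."""
    digest = hashlib.md5(base64.b64decode(key_b64, validate=True)).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))


def audit_host_keys(scan_text: str, watchlist=(REPORTED_FP,)):
    """Return (shared, flagged) for 'host keytype base64blob' lines.

    shared:  fingerprint -> hosts, for keys present on more than one host
    flagged: hosts whose key matches a fingerprint in the watchlist
    """
    by_fp = defaultdict(set)
    for line in scan_text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0].startswith("#"):
            continue  # blank, comment or malformed line
        try:
            fp = md5_fingerprint(parts[2])
        except ValueError:  # binascii.Error: blob is not valid base64
            continue
        by_fp[fp].add(parts[0])
    shared = {fp: sorted(h) for fp, h in by_fp.items() if len(h) > 1}
    flagged = sorted(h for fp in watchlist for h in by_fp.get(fp.lower(), ()))
    return shared, flagged


def constructed_blob(seed: bytes) -> str:
    # Constructed stand-in for a public key blob (not a real key).
    return base64.b64encode(b"\x00\x00\x00\x07ssh-rsa" + seed * 8).decode()


# Constructed sample input: documentation addresses, made-up keys.
SAMPLE_SCAN = "\n".join([
    "# constructed ssh-keyscan output",
    f"192.0.2.10 ssh-rsa {constructed_blob(b'factory-image-key')}",
    f"192.0.2.11 ssh-rsa {constructed_blob(b'factory-image-key')}",
    f"198.51.100.7 ssh-rsa {constructed_blob(b'regenerated-key')}",
    "203.0.113.5 ssh-rsa not*base64",
])

if __name__ == "__main__":
    print(audit_host_keys(SAMPLE_SCAN))
```

Any entry in `shared` means two units present the same host key, which points to a key shipped in an image rather than generated per device; regenerating host keys on each unit clears it.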