<h4>VARTA Storage Advisory Feed by CERT@VDE</h4>
<p>Feed for VARTA Storage Advisories by CERT@VDE: <a href="https://cert.vde.com/en/advisories/">https://cert.vde.com/en/advisories/</a> (feed last updated 2023-03-23T05:30:29+00:00)</p>
<h4>VARTA: Multiple devices prone to hard-coded credentials</h4>
<p>Published: 2023-03-15T09:00:00+00:00. Updated: 2023-03-23T05:30:29+00:00. Author: CERT@VDE (<a href="https://cert.vde.com/en/advisories/author/certuser/">https://cert.vde.com/en/advisories/author/certuser/</a>). Entry: <a href="https://cert.vde.com/en/advisories/VDE-2022-061/">https://cert.vde.com/en/advisories/VDE-2022-061/</a></p>
<h4>VDE-2022-061</h4>
<h4>Vendor(s)</h4>
<p>VARTA Storage GmbH</p>
<h4>Product(s)</h4>
<table>
<tbody>
<tr><th>Article No.</th><th>Product Name</th><th>Affected Version(s)</th></tr>
<tr><td>2709858310 - 90</td><td>Element backup</td><td>&lt; F21000400</td></tr>
<tr><td>2700852201 - 52</td><td>Element S1</td><td>&lt; 2e.3.8.0</td></tr>
<tr><td>2700852301 - 53</td><td>Element S2</td><td>&lt; 2e.3.8.0</td></tr>
<tr><td>2700852401 - 53</td><td>Element S2</td><td>&lt; 2e.3.8.0</td></tr>
<tr><td>2709852201 - 53</td><td>Element S3</td><td>&lt; 2e.3.8.0</td></tr>
<tr><td>2709852201 - 53</td><td>Element S3</td><td>&lt; 2e.4.4.0</td></tr>
<tr><td>2709858202 - 13</td><td>Element S4</td><td>&lt; D21010400</td></tr>
<tr><td>2703852201</td><td>One L/XL</td><td>&lt; 2e.3.8.0</td></tr>
<tr><td>2707852201</td><td>Pulse (not pulse neo)</td><td>&lt; C21010800</td></tr>
</tbody>
</table>
<h4>Vulnerabilities</h4>
<p>CVE-2022-22512: 9.1 (CVSS:3.1)</p>
<h4>Summary</h4>
<p>VARTA energy storage systems have a web user interface via which users and installers can access live measurement data and configure the system to their needs. It has been discovered that the corresponding credentials are hard-coded within the frontend and are thus potentially exploitable.</p>
<h4>Impact</h4>
<p>The vulnerability allows unauthorized read and write access to the web backend. This allows reading and writing of parameters that are not intended to be accessible in this way (e.g. connectivity settings, grid parameters), which can impact operational availability and integrity. The safety of the battery storage device is not affected, because safety-relevant parameters are not accessible via the web backend.</p>
<h4>Solution</h4>
<p><b>Mitigation</b></p>
<p>General countermeasures: Restrict HTTP traffic to the energy storage system by using an inbound firewall or other measures at the network level.</p>
<p><b>Remediation</b></p>
<p>Product-specific countermeasures: A fixed version will be rolled out OTA as soon as it is available. The rollout for VARTA Element backup will start at the end of Q1/2023, followed by Element S4.</p>
<h4>URL</h4>
<p><a href="https://cert.vde.com/en/advisories/VDE-2022-061/" target="_new">https://cert.vde.com/en/advisories/VDE-2022-061/</a></p>