Alert (ICS-ALERT-11-129-01)
Samsung Data Management Server Root Access
All information products included in http://ics-cert.us-cert.gov are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see http://www.us-cert.gov/tlp/.
ICS-CERT was made aware of a published report by an independent researcher specifying a hard-coded credential vulnerability in the Samsung Data Management Server. This vulnerability allows an attacker to remotely log in with administrative privileges via telnet or FTP. ICS-CERT has not validated this vulnerability.
ICS-CERT is currently coordinating with the vendor to validate and mitigate this vulnerability. Additional information will be published as it becomes available.
The Samsung Integrated Management System Data Management Server (DMS) is primarily used to manage multiple air conditioning units in large public buildings. This product has been widely deployed in approximately 15 countries, including South Korea, various European countries, China, and the United States.
ICS-CERT encourages asset owners to minimize network exposure for all control system devices. Critical control system devices should not directly face the Internet. Local control system networks and remote devices need to be deployed behind carefully configured firewalls and isolated from the business network. When remote access is necessary, secure methods such as Virtual Private Networks (VPNs) should be used.
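A defender-side check for the exposure guidance above, added here as an example and not part of the ICS-CERT alert: it reads firewall connection logs (constructed sample lines in an assumed key=value format) and flags every permitted telnet or FTP session to a DMS host that did not come from the approved VPN pool. The DMS addresses, VPN pool and business-network range are assumptions.

```python
import ipaddress
import re
from dataclasses import dataclass

# Services named in the alert. With a hard-coded administrative credential, any
# session that reaches these ports is effectively an admin login, so reachability
# itself is the risk to measure.
RISKY_PORTS = {21: "ftp", 23: "telnet"}

# Assumed addressing, constructed for this example (not from the alert).
DMS_HOSTS = {ipaddress.ip_address("10.20.0.15"), ipaddress.ip_address("10.20.0.16")}
VPN_POOL = ipaddress.ip_network("10.99.0.0/24")     # only approved remote-access source
BUSINESS_NET = ipaddress.ip_network("10.0.0.0/8")    # corporate ranges that must stay isolated

# Assumed key=value firewall connection log format.
LOG_RE = re.compile(r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) action=(?P<action>\w+)")


@dataclass
class Finding:
    src: str
    dst: str
    service: str
    origin: str   # "external" or "business network"


def audit(lines):
    """Return one Finding per permitted telnet/FTP session to a DMS host
    that did not originate from the VPN pool."""
    findings = []
    for line in lines:
        m = LOG_RE.search(line)
        if not m or int(m["dport"]) not in RISKY_PORTS or m["action"] != "allow":
            continue
        src, dst = ipaddress.ip_address(m["src"]), ipaddress.ip_address(m["dst"])
        if dst not in DMS_HOSTS or src in VPN_POOL:
            continue
        origin = "business network" if src in BUSINESS_NET else "external"
        findings.append(Finding(str(src), str(dst), RISKY_PORTS[int(m["dport"])], origin))
    return findings


# Constructed sample log lines covering the cases the guidance distinguishes.
SAMPLE_LOG = [
    "src=203.0.113.7 dst=10.20.0.15 dport=23 action=allow",   # Internet -> telnet: exposed
    "src=10.99.0.42 dst=10.20.0.15 dport=21 action=allow",    # VPN -> ftp: permitted path
    "src=10.50.3.9 dst=10.20.0.16 dport=21 action=allow",     # business LAN -> ftp: not isolated
    "src=198.51.100.23 dst=10.20.0.16 dport=23 action=deny",  # blocked at the firewall
    "src=10.50.3.9 dst=10.20.0.16 dport=443 action=allow",    # unrelated service
    "src=10.50.3.9 dst=10.20.0.99 dport=23 action=allow",     # telnet, but not a DMS host
]

if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(f"{f.service} to {f.dst} from {f.src} ({f.origin})")
```

Any finding with origin "external" means the device faces the Internet directly; "business network" means the control network is not isolated as the alert recommends.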
Security and operational organizations observing any suspected malicious cyber or control system activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents. ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to taking defensive measures.
The Control Systems Security Program (CSSP) also provides a recommended practices section for control systems on the US-CERT website. Several recommended practices are available for reading or download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
For any questions related to this report, please contact the NCCIC at:
Toll Free: 1-888-282-0870