CISA warns of available exploit PoC for RAD SecFlow-2 Industrial Switch
Take action: If you are using RAD SecFlow-2 industrial switch/router time to plan a replacement. It's not a panic mode replacement - especially if the switches are in an isolated network, but still make timely plans.
Learn More
The US Cybersecurity and Infrastructure Security Agency (CISA) released an ICS advisory notifying organizations about a high-severity vulnerability in an outdated industrial switch from Israel-based RAD Data Communications. T
he vulnerability, tracked as CVE-2019-6268 (CVSS score 7.5), involves a path traversal flaw in RAD’s SecFlow-2 ruggedized switch/router, designed for challenging industrial environments.
The vulnerability allows unauthorized attackers to create crafted requests to access any file from the operating system, including sensitive files such as password hashes. This flaw was publicly disclosed in early March 2024, when technical details and a proof-of-concept (PoC) exploit were released on the Packet Storm website. The specific issue is that RAD SecFlow-2 devices with hardware 0202, firmware 4.1.01.63, and U-Boot 2010.12 allow URIs starting with "/.." to traverse directories, enabling attackers to read files like /etc/shadow.
CISA became aware of the vulnerability through the PoC and informed RAD Data Communications. Since the SecFlow-2 product has reached its end of life (EOL), RAD has recommended customers upgrade to the newer SecFlow-1p industrial IoT gateway.
