Advisory

Critical flaw reported in Optigo Networks ONS-S8 Spectra Aggregation Switch

Take action: It seems no patch is available for these flaws. If you run an Optigo Networks ONS-S8, all you can do is isolate it on a separate VLAN with a dedicated network card and make it inaccessible from untrusted networks and devices.



Critical security vulnerabilities have been identified in Optigo Networks' ONS-S8 Spectra Aggregation Switch, an OT network management device widely deployed in critical manufacturing sectors.

Vulnerability details

  • CVE-2024-41925 (CVSS score 9.3) - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') - This vulnerability allows attackers to traverse directories, bypass authentication, and execute remote code due to improper input validation in the web service’s PHP include/require statement.
  • CVE-2024-45367 (CVSS score 9.3) - Weak Authentication - This vulnerability is caused by an incomplete authentication process, allowing attackers to authenticate without a password, thereby gaining unauthorized access to the device.

Affected products: ONS-S8 Spectra Aggregation Switch, versions 1.3.7 and prior.

Optigo Networks recommends users take the following actions to protect their systems:

  • Use a unique management VLAN for the ONS-S8 port that connects to OneView.
  • Dedicated NIC: Use a dedicated network interface card on the BMS computer for connecting to OneView.
  • Router Firewall: Set up a router firewall with a whitelist for authorized devices.
  • VPN: Connect to OneView via a secure VPN.
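
With no patch available, the firewall whitelist is the main control, so it is worth checking that the rule set really limits who can reach the switch. The following is an added example, not code from Optigo or from this advisory: it walks an ordered rule list and reports every source network that can reach the switch's management address without being on the allowlist. The addresses, the rule format, first-match-wins ordering and the implicit final deny are all assumptions made for illustration (IPv4 only).

```python
import ipaddress as ip

# Constructed sample data (assumptions, not from the advisory): documentation
# addresses, a hypothetical rule format, first match wins, implicit final deny.
SWITCH = "192.0.2.10"                             # ONS-S8 management address
ALLOWLIST = ["192.0.2.20/32", "198.51.100.0/28"]  # BMS host, VPN client pool
RULES = [
    {"action": "permit", "src": "192.0.2.20/32",   "dst": "192.0.2.10/32"},
    {"action": "permit", "src": "198.51.100.0/24", "dst": "192.0.2.0/24"},
    {"action": "permit", "src": "203.0.113.0/24",  "dst": "203.0.113.128/25"},
    {"action": "deny",   "src": "0.0.0.0/0",       "dst": "192.0.2.10/32"},
    {"action": "permit", "src": "0.0.0.0/0",       "dst": "0.0.0.0/0"},
]

def reachable_sources(rules, target):
    """Source networks that the ordered rule list allows to reach target."""
    undecided = [ip.ip_network("0.0.0.0/0")]  # sources no rule has matched yet
    permitted = []
    for rule in rules:
        if target not in ip.ip_network(rule["dst"]):
            continue                          # rule does not cover the switch
        src = ip.ip_network(rule["src"])
        remaining = []
        for net in undecided:
            if net.subnet_of(src):            # fully matched by this rule
                hit = [net]
            elif src.subnet_of(net):          # partly matched: carve src out
                hit = [src]
                remaining.extend(net.address_exclude(src))
            else:                             # disjoint: still undecided
                hit = []
                remaining.append(net)
            if rule["action"] == "permit":
                permitted.extend(hit)
        undecided = remaining
    return permitted                          # leftovers hit the implicit deny

def violations(rules=RULES, target=SWITCH, allowlist=ALLOWLIST):
    """Permitted source networks that are wider than the allowlist."""
    allowed = [ip.ip_network(n) for n in allowlist]
    nets = reachable_sources(rules, ip.ip_address(target))
    return [str(n) for n in sorted(nets)
            if not any(n.subnet_of(a) for a in allowed)]

if __name__ == "__main__":
    for net in violations():
        print("permitted but not on the allowlist:", net)
```

On the sample rules the only finding is the second rule, which permits a /24 where the allowlist holds a /28; the final permit-any rule is harmless only because the deny rule above it matches first.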