Overview
Cisco Network Building Mediator (NBM) products are affected by multiple vulnerabilities that could allow an attacker to gain control of a vulnerable device or to cause a denial of service.
Description
Cisco Network Building Mediator (NBM) products are designed to manage facility energy use. NBM products support automation protocols such as BACnet and Modbus; IT network protocols such as IP, SNMP, SSH, and HTTP/S; and application protocols like XML-RPC and SOAP. NBM products are affected by multiple vulnerabilities, including default administrative credentials, privilege escalation, plaintext transmission of credentials, and unauthenticated access to a file containing credentials. An attacker can exploit these vulnerabilities using several attack vectors over SSH, HTTP/S, and XML-RPC. Cisco Security Advisory cisco-sa-20100526-mediator notes: "These vulnerabilities affect the legacy Richards-Zeta Mediator 2500 product and Cisco Network Building Mediator NBM-2400 and NBM-4800 models. All Mediator Framework software releases prior to 3.1.1 are affected by all vulnerabilities listed in this security advisory."
Impact
These vulnerabilities could allow an unauthenticated, remote attacker to gain complete control over the mediator. An authorized user could gain administrative privileges, and a remote attacker could cause a denial of service.
Solution
As reported in cisco-sa-20100526-mediator, the first fixed releases are 1.5.1.build.14-eng, 2.2.1.dev.1, and 3.0.9.release.1.
Cisco Security Advisory cisco-sa-20100526-mediator and the associated Applied Mitigation Bulletin provide detailed information about workarounds and mitigation techniques, including changing default passwords, disabling unencrypted services, restricting access, and detecting possible attacks.
Vendor Information
References
Acknowledgements
Information from Secunia and Cisco was used in this document.
This document was written by Art Manion.
Other Information
CVE IDs: CVE-2010-0595, CVE-2010-0596, CVE-2010-0597, CVE-2010-0598, CVE-2010-0599, CVE-2010-0600
Severity Metric: 2.84
Date Public: 2010-05-26
Date First Published: 2010-06-03
Date Last Updated: 2010-07-12 21:30 UTC
Document Revision: 18