Select Page

Over a dozen security flaws have been discovered in baseboard management controller (BMC) firmware from Lanner that could expose operational technology (OT) and internet of things (IoT) networks to remote attacks.

BMC refers to a specialized service processor, a system-on-chip (SoC), that’s found in server motherboards and is used for remote monitoring and management of a host system, including performing low-level system operations such as firmware flashing and power control.

Nozomi Networks, which analysed an Intelligent Platform Management Interface (IPMC) from Taiwanese vendor Lanner Electronics, said it uncovered 13 weaknesses affecting IAC-AST2500.

All the issues affect version 1.10.0 of the standard firmware, with the exception of CVE-2021-4228, which impacts version 1.00.0. Four of the flaws (from CVE-2021-26727 to CVE-2021-26730) are rated 10 out of 10 on the CVSS scoring system.

images from Hacker News