A high-severity vulnerability has been identified in the firmware of Control's ELCA Star Transmitter Remote Control units. This flaw could allow an attacker to execute unauthorized commands on the device, potentially leading to the manipulation of industrial machinery. Successful exploitation could result in operational disruption, equipment damage, or safety incidents.

The vulnerability exists within the management interface of the ELCA Star Transmitter Remote Control firmware. A lack of proper input validation allows a remote attacker with network access to the device to inject and execute arbitrary system commands. An attacker could exploit this by sending a specially crafted network packet to the device, gaining control with the same privileges as the device's operating system.

This vulnerability is rated as High severity with a CVSS score of 7.5. Exploitation could have a significant business impact, particularly in operational technology (OT) environments. An attacker could gain unauthorized control over industrial equipment operated by the remote control, leading to production stoppages, damage to machinery, theft of sensitive operational data, or creating unsafe physical conditions for personnel. The financial and reputational damage from such an incident could be substantial.

Immediate Action: Apply the security updates provided by the vendor immediately across all affected devices. Prioritize patching for systems that are accessible from less trusted networks. After patching, review system and access logs for any signs of compromise that may have occurred before the update was applied.

Proactive Monitoring: Implement enhanced monitoring of network traffic to and from the affected remote control devices. Look for unusual or unauthorized connection attempts to the device's management ports. Configure logging to capture all commands executed on the device and regularly audit these logs for anomalous activity.

Compensating Controls: If immediate patching is not feasible, implement compensating controls to reduce the risk of exploitation. Isolate the affected devices onto a segmented network with strict firewall rules, permitting access only from authorized management stations. Deploy an Intrusion Detection/Prevention System (IDS/IPS) with rules to detect and block attempts to exploit this vulnerability.

Public Exploit Available: false

Due to the high-severity rating and the critical function of the affected industrial remote control systems, we strongly recommend that organizations prioritize the immediate application of the vendor-supplied patches. While this vulnerability is not currently listed on the CISA KEV catalog, its potential impact on critical infrastructure makes it a high-value target. Organizations unable to patch immediately must implement the recommended compensating controls, such as network segmentation, without delay to mitigate the risk of operational disruption and physical damage.