CVE-2024-5947 Deep Sea Electronics CVE debrief

Who should care

Organizations operating Deep Sea Electronics DSE855 remote communications displays in power generation, marine, or industrial applications. Security teams managing OT/ICS networks with DSE855 devices deployed. Asset owners responsible for generator set control systems utilizing DSE855 modules for remote monitoring and configuration.

Technical summary

The DSE855 remote communications display module exposes the Backup.bin file through direct URL reference without authentication. An attacker on the same network segment can retrieve this file via HTTP GET request, obtaining device configuration data. The vulnerability is classified as CWE-639 (Authorization Bypass Through User-Controlled Key) or CWE-284 (Improper Access Control). No authentication is required, and the attack complexity is low. The confidentiality impact is rated HIGH as configuration files may contain credentials, network settings, or operational parameters. No integrity or availability impact is associated with this vulnerability.

Defensive priority

medium

Recommended defensive actions

• Apply vendor firmware update to version 1.2.0 or later
• Restrict network access to DSE855 devices to authorized administrative hosts only
• Segment DSE855 devices from untrusted networks using firewall rules
• Monitor for unauthorized HTTP GET requests targeting Backup.bin or similar backup files
• Review device configurations for exposed sensitive data after compromise assessment
• Implement defense-in-depth strategies per ICS-CERT recommended practices

Evidence notes

Vulnerability disclosed via CISA ICS advisory ICSA-24-298-03. Affected product confirmed as Deep Sea Electronics DSE855 firmware version 1.0.26. Vendor fix identified as version 1.2.0. CVSS 3.1 score of 6.5 (MEDIUM) assigned with adjacent network attack vector.

Official resources