Successful exploitation of this vulnerability could allow an attacker to upload arbitrary malicious firmware to the device.
The following versions of CubeSpace CW0057 Reaction Wheel are affected:
CW0057 Reaction Wheel
Vendor
Equipment
CubeSpace
CubeSpace CW0057 Reaction Wheel
Improper Verification of Cryptographic Signature
Critical Infrastructure Sectors: Communications
Countries/Areas Deployed: Worldwide
Company Headquarters Location: South Africa
CubeSpace CW0057 Reaction Wheel firmware versions prior to 5.0.20 are vulnerable to an Improper Verification of Cryptographic Signature vulnerability. This could allow an attacker with physical access to the product to upload arbitrary malicious firmware to the device without authentication.