SHDesigns' Resident Download Manager (as well as the Ethernet Download Manager) does not authenticate firmware downloads before executing code and deploying them to devices.
CWE-494: Download of Code Without Integrity Check - CVE-2016-6567
SHDesigns' Resident Download Manager provides firmware update capabilities for Rabbit 2000/3000 CPU boards, which according to the reporter may be used in some industrial control and embedded applications.
A remote attacker with the ability to send UDP traffic to the device may be able to execute arbitrary code on the device.
The CERT/CC is currently unaware of a practical solution to this problem.
Affected users may also consider the following workaround:
Thanks to Nolan Ray of NCC Group for reporting this vulnerability.
This document was written by Garret Wassermann.