Hetronic Nova-M (ICSA-19-003-03)

The NCCIC has published an advisory on an authentication bypass by capture-replay vulnerability. All versions prior to r161 are affected. Successful exploitation of this vulnerability could allow unauthorized users to view commands, replay commands, control the device, or stop the device from running. Hetronic recommends that all Nova-M users update their radio transmitters and receivers. The NCCIC also advises on a series of mitigating measures for this vulnerability. NCCIC/ICS-CERT.