The Axel Technology WOLF1MS and WOLF2MS devices are industrial control systems used for monitoring and controlling industrial processes. The vulnerability allows unauthenticated remote attackers to list user accounts, create new administrative users, delete users, and modify system settings, leading to full compromise of the device.
Affected versions: 1.0.3, 0.8.5 If you don't recognise this software, you're probably not affected.
Contact Axel Technology directly for a patched firmware version (no public patch link available).
Immediate mitigations:
- Restrict network access to your WOLF1MS or WOLF2MS instance (firewall it from the public internet)
- Audit admin account activity for suspicious access patterns
- Monitor for unauthorized token creation