NCCIC/ICS-CERT is aware of a public report of authentication vulnerabilities with proof-of-concept (PoC) exploit code affecting FENIKS PRO Elnet LT Energy & Power analyzer. According to this report, attackers can manage the device remotely without authentication. This report was released after ICS-CERT failed to coordinate the vulnerabilities with FENIKS PRO. ICS-CERT has notified the affected vendor of the report and has asked the vendor to confirm the vulnerabilities and identify mitigations. ICS-CERT is issuing this alert to provide early notice of the report and identify baseline mitigations for reducing risks to these and other cybersecurity attacks.

https://ics-cert.us-cert.gov/alerts/ICS-ALERT-16-256-01