
Infrastructure · Credibility 40/100 · 6 min read

Infrastructure Briefing — ENTTEC lighting controllers require firmware lockdown

CISA’s update to ICSA-20-177-01 outlines authentication and code-execution weaknesses in ENTTEC Datagate Mk2, Storm 24, Pixelator, and E-Streamer Mk2 controllers that could grant root-level access on units not running hardened firmware.

Executive briefing: CISA’s ICSA-20-177-01 update documents multiple ENTTEC controller vulnerabilities that could allow attackers to gain unauthorized SSH/SCP access, inject code, and execute commands as root. Unpatched lighting gateways in venues or transportation hubs are at risk of compromise.

Immediate actions for facilities teams

  • Deploy June 2020 firmware. ENTTEC’s RevB firmware hardens authentication; apply it to Datagate Mk2, Storm 24, and Pixelator units and lock the devices via the front panel after configuration.
  • Retire unsupported models. Replace E-Streamer Mk2 units with S-PLAY controllers as ENTTEC no longer supports the affected hardware.
  • Isolate control networks. Keep DMX/Art-Net controllers behind firewalls and remove direct internet exposure; restrict inbound management to authorized subnets.

Strategic follow-through

  • Credential hygiene. Enforce strong, unique passwords and disable default accounts where possible after firmware updates.
  • Logging and monitoring. Collect controller syslogs and alert on failed SSH/SCP attempts or configuration changes outside maintenance windows.
  • Vendor communication. Subscribe to ENTTEC security bulletins to ensure future firmware mitigations are applied promptly.
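
One way to triage collected controller syslogs for the monitoring and network-isolation items above. This is an added example, not code from CISA or ENTTEC. It assumes OpenSSH-style sshd messages with ISO timestamps, a 02:00-04:00 maintenance window, and a single management subnet, and it treats an accepted login outside the window as a stand-in for an out-of-window configuration change; hostnames, addresses, and log lines are constructed.

```python
import ipaddress
import re
from datetime import datetime, time

# Assumptions (not from the advisory): OpenSSH-style sshd messages with ISO
# timestamps, a 02:00-04:00 maintenance window, and one authorized management
# subnet. All hosts, addresses, and log lines below are constructed.
MGMT_NETS = [ipaddress.ip_network("10.20.0.0/24")]
WINDOW = (time(2, 0), time(4, 0))

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d)\S*\s+(?P<host>\S+)\s+sshd\[\d+\]:\s+"
    r"(?P<result>Failed|Accepted) \S+ for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>[0-9a-fA-F:.]+) port \d+"
)

SAMPLE_LOG = """\
2020-07-01T02:15:09Z storm24-a sshd[411]: Accepted password for root from 10.20.0.5 port 50122 ssh2
2020-07-01T13:40:51Z storm24-a sshd[502]: Failed password for root from 10.20.0.5 port 50310 ssh2
2020-07-01T13:41:02Z datagate-1 sshd[377]: Failed password for invalid user admin from 192.0.2.44 port 41822 ssh2
2020-07-01T14:05:30Z datagate-1 sshd[380]: Accepted password for root from 10.20.0.5 port 50400 ssh2
2020-07-01T03:10:00Z pixelator-2 sshd[120]: Accepted password for root from 198.51.100.7 port 60001 ssh2
2020-07-01T03:11:00Z pixelator-2 kernel: eth0: link up
"""

def triage(log_text):
    """Return (host, timestamp, source, reasons) for each line worth an alert."""
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an SSH authentication event
        when = datetime.fromisoformat(m["ts"])
        src = ipaddress.ip_address(m["src"])
        reasons = []
        if m["result"] == "Failed":
            reasons.append("failed-auth")
        if not any(src in net for net in MGMT_NETS):
            reasons.append("unauthorized-subnet")
        if m["result"] == "Accepted" and not WINDOW[0] <= when.time() < WINDOW[1]:
            reasons.append("login-outside-window")
        if reasons:
            alerts.append((m["host"], m["ts"], str(src), reasons))
    return alerts

if __name__ == "__main__":
    for alert in triage(SAMPLE_LOG):
        print(alert)
```

The in-window login from the management subnet is the only SSH event that passes silently; an accepted login from outside that subnet is flagged even inside the window, since it indicates the firewall restriction is not holding.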

Source excerpts

Primary — exploitation risk: “Successful exploitation of these vulnerabilities could allow an attacker to gain unauthorized SSH/SCP access to devices, inject malicious code, run commands with root privileges, and read, write, and execute files in system directories as any user.”

CISA ICSA-20-177-01 (ENTTEC Lighting Controllers)

Primary — firmware guidance: “ENTTEC recommends the Datagate Mk2, Storm 24, and Pixelator units should be updated to RevB (June 2020) firmware or newer… Once the firmware is updated and the device is configured, ENTTEC recommends locking the unit via the front panel menu.”

CISA ICSA-20-177-01 (ENTTEC Lighting Controllers)