IM
IronMonkey Threat Research
‹ Back to ICS Advisories

CubeSpace CW0057 Reaction Wheel

MEDIUM
CVSS 6.1
Date 2026-07-02T06:00:00+00:00
Source cisa-csaf
Published by CISA

// Description

Successful exploitation of this vulnerability could allow an attacker to upload arbitrary malicious firmware to the device.

// Vulnerabilities (1)

CVE ID CVSS Score Severity Description
CVE-2026-13743 6.1 medium
CubeSpace CW0057 Reaction Wheel firmware versions prior to 5.0.20 are vulnerable to an Improper Verification of Cryptographic Signature vulnerability. This could allow an attacker with physical access to the product to upload arbitrary malicious firmware to the device without authentication.

// Remediations (2)

Patch: CubeSpace has released the following firmware versions for users to enable: Firmware version 5.0.20.
CubeSpace has released the following firmware versions for users to enable: Firmware version 5.0.20. Firmware version 5.0.20 introduces the capability for cryptographically verified secure boot; however, this protection is not enabled by default. Users must activate signed‑boot functionality, particularly the fully immutable mode, to achieve full security.
Mitigation: CubeSpace acknowledges the finding. The CW0057 reaction wheel authenticates firmware updates with a
CubeSpace acknowledges the finding. The CW0057 reaction wheel authenticates firmware updates with a CRC-32 integrity check, which confirms image integrity but does not verify the source of an image. Exploitation requires direct physical access to the device and is not exploitable remotely. A device affected by this method remains recoverable: the bootloader operates independently of the application firmware and can reload known-good, CubeSpace-supplied images, so an affected unit cannot be permanently disabled by this method. Starting with firmware version 5.0.20, CubeSpace offers optional cryptographic secure boot of varying security levels which customers can enable. Given the physical-access prerequisite and the availability of recovery, CubeSpace assesses the practical risk as low.

// References