Source linked

CubeSpace Reaction Wheel Ships Secure Boot - Off by Default

CubeSpace's CW0057 reaction wheel firmware before 5.0.20 verifies updates with only a CRC-32 check, letting attackers with physical access load arbitrary code. The patch adds cryptographic secure boot, but it's...

cisacubespacecw0057 reaction wheelfirmware securitysatellite systemscyber physical security

CubeSpace's CW0057 reaction wheel, a component used in satellite attitude control systems worldwide, authenticated firmware updates with nothing more than a CRC-32 integrity check – a 32-bit cyclic redundancy check that confirms bit rot, not origin.

That's CVE-2026-13743: an improper verification of cryptographic signature (CWE-347) affecting all firmware versions before 5.0.20. CVSS 3.1 gives it a 6.1 (medium) because it requires physical access to the device. No remote exploitation; you need to be at the satellite or the hardware. The attacker uploads arbitrary malicious firmware, but the device remains recoverable because the bootloader runs independently and can reload known-good CubeSpace images.

The Fix Exists – But You Have to Flip the Switch

CubeSpace released firmware 5.0.20, which introduces cryptographically verified secure boot – optional. Customers must explicitly activate signed-boot functionality, particularly the fully immutable mode, to get real protection. Default is still the old CRC-32 path. CubeSpace acknowledges the finding, but the assessment is that practical risk is low given physical access requirement and recovery option.

I call that a half-baked mitigation. If you're deploying reaction wheels in a communications satellite, you don't want to rely on administrators enabling security after reading a CISA advisory. The fact that the fix exists but ships disabled means every system that hasn't been manually hardened is still running unauthenticated firmware updates.

Anthony Rose reported this vulnerability to CISA. CubeSpace's headquarters is in South Africa; the product is deployed globally.

What This Means for Satellite Operators

If you have CW0057 reaction wheels in service, check your firmware version immediately. Versions before 5.0.20 are vulnerable. Upgrade to 5.0.20, then turn on signed boot and immutable mode – don't assume the default configuration is safe. This advisory is a reminder that optional security in a critical infrastructure component is often no security at all. The next vulnerability might not be limited to physical access.


Source: CubeSpace CW0057 Reaction Wheel
Domain: cisa.gov

Read original source ->

External source stays available while the OJO article and comment thread stay local.

Comments load interactively on the live page.