OT Security Version Number Mutable to Older Versions
The firmware update process does not validate the currently installed firmware version before applying an update. In firmware_apply_update, the current_version parameter is explicitly ignored, meaning the device does not compare the incoming firmware version against the version already installed. As a result, an attacker who can supply or replay an older firmware image may downgrade the device to a previous vulnerable version.
In an OT firmware environment, this can undermine secure update protections and allow known vulnerabilities to be reintroduced after they were previously patched. A successful rollback attack may weaken authentication, bypass security fixes, restore insecure behaviour, or destabilise device operation.
Remediation:
Implement anti-rollback protection by comparing the security version carried in the incoming firmware image against the currently installed security version before applying the update, and reject any image whose version is lower than the stored trusted version. The comparison must use the version field from the image's authenticated header (i.e. after signature verification, so the field cannot be edited without invalidating the signature) and must compare it against the value held by the device in protected storage, not against a caller-supplied parameter such as current_version that an attacker may be able to influence. The trusted security version should be stored securely and persistently, ideally in tamper-resistant or increment-only storage (OTP/eFuse counters, RPMB, or protected flash), and should only be advanced after the newer firmware has been verified and installed successfully, so that a failed or interrupted update does not move the counter.
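The following is an added illustration of the remediation, not the device's own code. It models the vulnerable path described in the finding (a firmware_apply_update that ignores current_version) beside a hardened variant that reads the trusted security version from protected storage, rejects lower versions, and only advances the counter after a successful install. The image header layout, the NV-storage helpers, the signature and flash stubs, and all names other than firmware_apply_update and current_version are assumptions made for the example; the firmware images are constructed in the code.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not the device's real update code. Header layout, NV API and
 * helper names are assumptions; only firmware_apply_update / current_version
 * come from the finding. */

#define FW_MAGIC 0x46574844u  /* "FWHD", constructed for this example */

typedef struct {
    uint32_t magic;
    uint32_t security_version;  /* anti-rollback counter; must only ever increase */
    uint32_t payload_len;
} fw_header_t;

typedef enum { FW_OK = 0, FW_ERR_HEADER, FW_ERR_AUTH, FW_ERR_ROLLBACK,
               FW_ERR_INSTALL, FW_ERR_NV } fw_status_t;

/* --- Simulated hardware (assumed) ----------------------------------------- */
/* Stand-in for a tamper-resistant, increment-only counter (OTP/eFuse, RPMB,
 * protected flash). A real part refuses to go backwards in hardware. */
static uint32_t nv_counter;
static bool     install_fault;  /* lets a scenario simulate a failed flash write */

uint32_t nv_read_trusted_version(void) { return nv_counter; }
static bool nv_advance_trusted_version(uint32_t v) {
    if (v < nv_counter) return false;  /* never decrement */
    nv_counter = v;
    return true;
}
/* Signature-check stub: the real check must cover the header, otherwise the
 * version field could be edited without invalidating the signature. */
static bool image_authentic(const uint8_t *img, size_t len) { (void)img; return len >= sizeof(fw_header_t); }
static bool flash_write(const uint8_t *img, size_t len) { (void)img; (void)len; return !install_fault; }

/* --- Vulnerable path: mirrors the finding --------------------------------- */
fw_status_t firmware_apply_update_vuln(const uint8_t *img, size_t len, uint32_t current_version) {
    (void)current_version;  /* the defect: the installed version is never consulted */
    fw_header_t hdr;
    if (len < sizeof hdr) return FW_ERR_HEADER;
    memcpy(&hdr, img, sizeof hdr);
    if (hdr.magic != FW_MAGIC) return FW_ERR_HEADER;
    if (!image_authentic(img, len)) return FW_ERR_AUTH;
    return flash_write(img, len) ? FW_OK : FW_ERR_INSTALL;  /* any version is accepted */
}

/* --- Hardened path ---------------------------------------------------------- */
fw_status_t firmware_apply_update_fixed(const uint8_t *img, size_t len) {
    fw_header_t hdr;
    if (len < sizeof hdr) return FW_ERR_HEADER;
    memcpy(&hdr, img, sizeof hdr);
    if (hdr.magic != FW_MAGIC) return FW_ERR_HEADER;
    /* 1. Authenticate before trusting any field in the header. */
    if (!image_authentic(img, len)) return FW_ERR_AUTH;
    /* 2. Compare against the trusted version read from protected storage,
     *    not against a caller-supplied parameter an attacker might control. */
    uint32_t trusted = nv_read_trusted_version();
    if (hdr.security_version < trusted) return FW_ERR_ROLLBACK;
    /* 3. Install; a failure here must leave the counter untouched. */
    if (!flash_write(img, len)) return FW_ERR_INSTALL;
    /* 4. Advance the counter only after a successful install. */
    if (hdr.security_version > trusted && !nv_advance_trusted_version(hdr.security_version))
        return FW_ERR_NV;
    return FW_OK;
}

/* --- Scenarios over constructed images ------------------------------------- */
static size_t build_image(uint32_t secver, uint8_t *buf, size_t cap) {
    fw_header_t hdr = { FW_MAGIC, secver, 16 };
    if (cap < sizeof hdr + hdr.payload_len) return 0;
    memcpy(buf, &hdr, sizeof hdr);
    memset(buf + sizeof hdr, 0xA5, hdr.payload_len);  /* dummy payload */
    return sizeof hdr + hdr.payload_len;
}
void scenario_reset(uint32_t installed_version) { nv_counter = installed_version; install_fault = false; }

/* Device runs v5; an attacker replays a v3 image. */
fw_status_t scenario_vuln_downgrade(void) {
    uint8_t buf[64]; scenario_reset(5);
    size_t n = build_image(3, buf, sizeof buf);
    return firmware_apply_update_vuln(buf, n, 5);   /* FW_OK: the downgrade is accepted */
}
fw_status_t scenario_fixed_downgrade(void) {
    uint8_t buf[64]; scenario_reset(5);
    size_t n = build_image(3, buf, sizeof buf);
    return firmware_apply_update_fixed(buf, n);     /* FW_ERR_ROLLBACK */
}
/* Legitimate upgrade to v7, then a replay of v3 against the advanced counter. */
fw_status_t scenario_fixed_upgrade_then_replay(void) {
    uint8_t buf[64]; scenario_reset(5);
    size_t n = build_image(7, buf, sizeof buf);
    if (firmware_apply_update_fixed(buf, n) != FW_OK) return FW_ERR_INSTALL;
    n = build_image(3, buf, sizeof buf);
    return firmware_apply_update_fixed(buf, n);     /* FW_ERR_ROLLBACK; counter is now 7 */
}
/* Install of v9 fails mid-way: the counter must stay at 5. */
fw_status_t scenario_failed_install(void) {
    uint8_t buf[64]; scenario_reset(5); install_fault = true;
    size_t n = build_image(9, buf, sizeof buf);
    return firmware_apply_update_fixed(buf, n);     /* FW_ERR_INSTALL; counter still 5 */
}

int main(void) {
    printf("vuln downgrade  -> %d (0 = accepted)\n", scenario_vuln_downgrade());
    printf("fixed downgrade -> %d (3 = rollback rejected)\n", scenario_fixed_downgrade());
    printf("upgrade+replay  -> %d, counter=%u\n", scenario_fixed_upgrade_then_replay(), nv_read_trusted_version());
    printf("failed install  -> %d, counter=%u\n", scenario_failed_install(), nv_read_trusted_version());
    return 0;
}
```

Two design points are worth noting. The hardened path takes no current_version argument at all: the reference value is read from the protected counter inside the function, which removes the possibility of the caller passing a stale or attacker-chosen value. Equal versions are accepted here to permit reinstalling the running image; a stricter policy can require strictly greater versions, but whichever is chosen, the counter must advance only on the success path so an interrupted update cannot brick the device or burn a counter value for firmware that never ran.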
Metadata
- Severity: high
- Slug: ot-security-version-number-mutable-to-older-versions
Tags
- Operational Technology (OT)
CWEs
- 1328: Security Version Number Mutable to Older Versions