Headline
CISA Warns of Critical Vulnerabilities in 3 Industrial Control System Software
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published three Industrial Control Systems (ICS) advisories about multiple vulnerabilities in software from ETIC Telecom, Nokia, and Delta Industrial Automation. Prominent among them is a set of three flaws affecting ETIC Telecom’s Remote Access Server (RAS), which "could allow an attacker to obtain sensitive information and
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published three Industrial Control Systems (ICS) advisories about multiple vulnerabilities in software from ETIC Telecom, Nokia, and Delta Industrial Automation.
Prominent among them is a set of three flaws affecting ETIC Telecom’s Remote Access Server (RAS), which “could allow an attacker to obtain sensitive information and compromise the vulnerable device and other connected machines,” CISA said.
This includes CVE-2022-3703 (CVSS score: 9.0), a critical flaw that stems from the RAS web portal’s inability to verify the authenticity of firmware, thereby making it possible to slip in a rogue package that grants backdoor access to the adversary.
Two other flaws relate to a directory traversal bug in the RAS API (CVE-2022-41607, CVSS score: 8.6) and a file upload issue (CVE-2022-40981, CVSS score: 8.3) that can be exploited to read arbitrary files and upload malicious files that can compromise the device.
Israeli industrial cybersecurity firm OTORIO has been credited with discovering and reporting the flaws. All versions of ETIC Telecom RAS 4.5.0 and prior are vulnerable, with the issues addressed by the French company in version 4.7.3.
The second advisory from CISA concerns three flaws in Nokia’s ASIK AirScale 5G Common System Module (CVE-2022-2482, CVE-2022-2483, and CVE-2022-2484), which could pave the way for arbitrary code execution and stoppage of secure boot functionality. All the flaws are rated 8.4 on the CVSS severity scale.
“Successful exploitation of these vulnerabilities could result in the execution of a malicious kernel, running of arbitrary malicious programs, or running of modified Nokia programs,” CISA noted.
The Finnish telecom giant is said to have published mitigation instructions for the flaws that impact ASIK versions 474021A.101 and ASIK 474021A.102. The agency is recommending that users contact Nokia directly for further information.
Lastly, the cybersecurity authority has also warned of a path traversal vulnerability (CVE-2022-2969, CVSS score: 8.1) that affects Delta Industrial Automation’s DIALink products and could be leveraged to plant malicious code on targeted appliances.
The shortcoming has been addressed in version 1.5.0.0 Beta 4, which CISA said can be obtained by reaching out to Delta Industrial Automation directly or via Delta field application engineering (FAEs).
Found this article interesting? Follow THN on Facebook, Twitter and LinkedIn to read more exclusive content we post.
Related news
A set of 38 security vulnerabilities has been uncovered in wireless industrial internet of things (IIoT) devices from four different vendors that could pose a significant attack surface for threat actors looking to exploit operational technology (OT) environments. "Threat actors can exploit vulnerabilities in Wireless IIoT devices to gain initial access to internal OT networks," Israeli
The signature check in the Nokia ASIK AirScale system module version 474021A.101 can be bypassed allowing an attacker to run modified firmware. This could result in the execution of a malicious kernel, arbitrary programs, or modified Nokia programs.
Delta Industrial Automation DIALink versions prior to v1.5.0.0 Beta 4 uses an external input to construct a pathname intended to identify a file or directory located underneath a restricted parent directory. However, the software does not properly neutralize special elements within the pathname, which can cause the pathname to resolve to a location outside of the restricted directory.
All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior’s application programmable interface (API) is vulnerable to directory traversal through several different methods. This could allow an attacker to read sensitive files from the server, including SSH private keys, passwords, scripts, python objects, database files, and more.