Critical Infrastructure at Risk from New Vulnerabilities Found in Wireless IIoT Devices

The Hacker News

Network Security / IoT Security

A set of 38 security vulnerabilities has been uncovered in wireless industrial internet of things (IIoT) devices from four different vendors that could pose a significant attack surface for threat actors looking to exploit operational technology (OT) environments.

“Threat actors can exploit vulnerabilities in Wireless IIoT devices to gain initial access to internal OT networks,” Israeli industrial cybersecurity company Otorio said. “They can use these vulnerabilities to bypass security layers and infiltrate target networks, putting critical infrastructure at risk or interrupting manufacturing.”

The flaws, in a nutshell, offer a remote entry point for attack, enabling unauthenticated adversaries to gain a foothold and subsequently use it as leverage to spread to other hosts, thereby causing significant damage.

Some of the identified shortcomings could be chained to give an external actor direct access to thousands of internal OT networks over the internet, security researcher Roni Gavrilov said.

Of the 38 defects, three affect ETIC Telecom’s Remote Access Server (RAS) – CVE-2022-3703, CVE-2022-41607, and CVE-2022-40981 – and could be abused to completely seize control of susceptible devices.

Five other vulnerabilities concern InHand Networks InRouter 302 and InRouter 615 that, if exploited, could result in command injection, information disclosure, and code execution.

Specifically, exploitation entails taking advantage of issues in the “Device Manager” cloud platform, which lets operators perform remote actions such as configuration changes and firmware upgrades, to compromise every cloud-managed InRouter device with root privileges.

Also identified are two weaknesses in Sierra Wireless AirLink Router (CVE-2022-46649 and CVE-2022-46650) that could lead to disclosure of sensitive information and remote code execution. The remaining flaws are still under responsible disclosure.

The findings underscore how OT networks could be put at risk by making IIoT devices directly accessible on the internet, effectively creating a “single point of failure” that can bypass all security protections.

Alternatively, local attackers can break into industrial Wi-Fi access points and cellular gateways by targeting on-site Wi-Fi or cellular channels, leading to adversary-in-the-middle (AitM) scenarios with potentially severe impact.

The assaults can range from targeting weak encryption schemes to coexistence attacks aimed at combo chips used widely in electronic devices.

To pull this off, threat actors can utilize platforms like WiGLE – a database of different wireless hotspots worldwide – to identify high-value industrial environments, physically locate them, and exploit the access points from close proximity, Otorio noted.

As countermeasures, it’s recommended to disable insecure encryption schemes, hide Wi-Fi network names, disable unused cloud management services, and take steps to prevent devices from being publicly accessible.

“The low complexity of exploit, combined with the broad potential impact, makes wireless IIoT devices and their cloud-based management platforms an enticing target for attackers looking to breach industrial environments,” the company said.

The development also comes as Otorio disclosed details of two high-severity flaws in Siemens Automation License Manager (CVE-2022-43513 and CVE-2022-43514) that could be combined to gain remote code execution and privilege escalation. The bugs were patched by Siemens in January 2023.


Related news

Siemens ALM 0-Day Vulnerabilities Posed Full Remote Takeover Risk

By Waqas (HackRead.com). Tel Aviv-based firm OTORIO's cybersecurity research team identified and reported these vulnerabilities.

CVE-2023-2187: Industrial and Manufacturing CVEs: Addressing the SCADA in the Room

On Triangle MicroWorks' SCADA Data Gateway version <= v5.01.03, an unauthenticated attacker can send broadcast events to any user via the WebMonitor. An unauthenticated user can use this vulnerability to forcibly log out any currently logged-in user by sending a "password change event". Furthermore, an attacker could use this vulnerability to spam the logged-in user with false events.

CVE-2022-46650

Acemanager in ALEOS before version 4.16 allows a user with valid credentials to reconfigure the device to expose the ACEManager credentials on the pre-login status page.

CVE-2022-43514

A vulnerability has been identified in Automation License Manager V5 (All versions), Automation License Manager V6 (All versions < V6.0 SP9 Upd4). The affected component does not correctly validate the root path on folder-related operations, allowing files and folders outside the intended root directory to be modified. This could allow an unauthenticated remote attacker to perform file operations on files outside of the specified root folder. Chained with CVE-2022-43513, this could allow Remote Code Execution.

CVE-2022-41607

The application programming interface (API) of all versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior is vulnerable to directory traversal through several different methods. This could allow an attacker to read sensitive files from the server, including SSH private keys, passwords, scripts, Python objects, database files, and more.
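Both CVE-2022-43514 and CVE-2022-41607 describe the same defensive failure: a file or folder API that does not properly confine requests to its root directory. The following is a constructed example, not code from Siemens or ETIC Telecom, showing a weak prefix-based containment check beside a hardened one; the root path and request strings are made up for illustration.

```python
import posixpath
from urllib.parse import unquote

# Constructed illustration (not Siemens or ETIC Telecom code) of the bug class
# described for CVE-2022-43514 and CVE-2022-41607: an API that must confine
# file and folder operations to one root directory. Pure string handling via
# posixpath keeps the demo independent of the local filesystem.

def naive_resolve(root: str, user_path: str):
    """Weak containment check: joins and compares string prefixes only.
    The joined path is never normalised, so '..' segments survive into the
    filesystem call, and a sibling such as /srv/data2 also passes the test."""
    candidate = posixpath.join(root, user_path.lstrip("/"))
    return candidate if candidate.startswith(root) else None

def safe_resolve(root: str, user_path: str):
    """Hardened containment check.
    1. Decode exactly once, so the check sees what the filesystem will see;
       later layers must not decode again.
    2. Refuse NUL bytes and absolute paths instead of silently rewriting them.
    3. Normalise, then compare by path component with commonpath, which treats
       /srv/data and /srv/data2 as unrelated. On a real filesystem, apply
       os.path.realpath to both sides first so symlinks cannot escape the root.
    """
    root = posixpath.normpath(root)
    decoded = unquote(user_path)
    if "\x00" in decoded or decoded.startswith("/"):
        return None
    joined = posixpath.normpath(posixpath.join(root, decoded))
    if posixpath.commonpath([root, joined]) != root:
        return None
    return joined

# Constructed request paths of the kind an operator might see in API logs
SAMPLE_REQUESTS = [
    "reports/q1.csv",            # legitimate
    "../data2/secret",           # sibling-directory escape
    "..%2F..%2Fetc/passwd",      # encoded traversal
    "a/../../../etc/shadow",     # nested traversal
]

def compare(root: str, requests=SAMPLE_REQUESTS):
    """Return {request: (naive_result, safe_result)} for side-by-side review."""
    return {r: (naive_resolve(root, r), safe_resolve(root, r)) for r in requests}

if __name__ == "__main__":
    for req, (weak, strong) in compare("/srv/data").items():
        print(f"{req:28} naive={weak!s:32} safe={strong}")
```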

CISA Warns of Critical Vulnerabilities in 3 Industrial Control System Software

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published three Industrial Control Systems (ICS) advisories about multiple vulnerabilities in software from ETIC Telecom, Nokia, and Delta Industrial Automation. Prominent among them is a set of three flaws affecting ETIC Telecom's Remote Access Server (RAS), which "could allow an attacker to obtain sensitive information and