11 New Vulnerabilities Expose OT Networks
Several security vulnerabilities have been revealed in the cloud management platform associated with three industrial mobile router vendors that could expose operational technology (OT) networks to external attacks.
The findings were presented by Israeli industrial cybersecurity firm OTORIO at the Black Hat Asia 2023 conference last week.
The 11 vulnerabilities allow “remote code execution and complete control over hundreds of thousands of OT devices and networks – in some cases, even those not actively configured to use the cloud.”
In particular, the flaws affect the cloud-based management solutions offered by Sierra Wireless, Teltonika Networks, and InHand Networks to manage and operate devices remotely.
Successful exploitation of the vulnerabilities can pose a significant risk to industrial environments, allowing adversaries to circumvent layers of security, extract sensitive information, and achieve remote code execution on internal networks.
Worse, the problems can be weaponized to gain unauthorized access to devices on the network and perform malicious operations, such as shutdown, with elevated permissions.
This is made possible by three different exploitable attack vectors that can be used to compromise and take over cloud-managed IIoT devices via their cloud-based management platforms:
- Weak asset registration mechanism (Sierra Wireless): An attacker can scan for unregistered devices connected to the cloud, obtain their serial numbers using AirVantage’s online Warranty Checker tool, register them to accounts under their control, and execute arbitrary commands.
- Flaws in security configuration (InHand Networks): Unauthorized users can take advantage of CVE-2023-22601, CVE-2023-22600, and CVE-2023-22598 (a command injection flaw) to gain remote code execution with root privileges, issue reboot commands, and push firmware updates.
- API and external interfaces (Teltonika Networks): A threat actor can abuse several issues identified in the remote management system (RMS) to “expose sensitive device information and device credentials, enable remote code execution, expose connected devices managed on the network, and enable legitimate device impersonation.”
Six flaws impacting Teltonika Networks – CVE-2023-32346, CVE-2023-32347, CVE-2023-32348, CVE-2023-2586, CVE-2023-2587, and CVE-2023-2588 – were discovered through “comprehensive research” conducted in collaboration with Claroty.
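The first attack vector above rests on a design error that is not specific to one vendor: treating a device serial number as if it were a secret. The following is an added example written for this page (it is not OTORIO's research code and does not model Sierra Wireless's AirVantage API or the Warranty Checker tool); it is a toy Python registration service showing why claim-by-serial is effectively unauthenticated, beside a proof-of-possession scheme in which a per-device secret provisioned at manufacture must answer a single-use server nonce. All class names, serials, accounts and secrets are hypothetical and constructed for the demo.

```python
# Added example (not from OTORIO's research or any vendor's code): a toy model of
# IIoT cloud asset registration. WeakRegistry lets anyone who knows a device
# serial claim it, the class of weakness behind serial-based registration;
# ProofOfPossessionRegistry requires a per-device secret, so an enumerated
# serial alone is useless. All names and data below are hypothetical.
import hashlib
import hmac
import secrets


class WeakRegistry:
    """Claim-by-serial: the first account to present an unclaimed serial owns it.
    Serials are printed on labels and returned by support/warranty tools, so
    this is effectively unauthenticated registration."""

    def __init__(self, serials):
        self.unregistered = set(serials)
        self.owner = {}

    def register(self, serial, account):
        if serial not in self.unregistered:
            return False  # unknown or already claimed
        self.unregistered.remove(serial)
        self.owner[serial] = account
        return True


class ProofOfPossessionRegistry:
    """Claim requires an HMAC over a fresh server nonce, keyed with a secret
    provisioned into the device at manufacture and held by the vendor backend.
    Knowing the serial is not enough, and the nonce is single-use to stop replay."""

    def __init__(self, device_secrets):
        self._secrets = dict(device_secrets)  # serial -> bytes secret
        self._nonces = {}
        self.owner = {}

    def challenge(self, serial):
        nonce = secrets.token_hex(16)
        self._nonces[serial] = nonce
        return nonce

    def register(self, serial, account, proof):
        nonce = self._nonces.pop(serial, None)  # consumed on first use
        secret = self._secrets.get(serial)
        if nonce is None or secret is None or serial in self.owner:
            return False
        expected = hmac.new(secret, nonce.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, proof):
            return False
        self.owner[serial] = account
        return True


def device_prove(secret, nonce):
    """What the genuine device computes from its provisioned secret."""
    return hmac.new(secret, nonce.encode(), hashlib.sha256).hexdigest()


def demo():
    # Constructed inventory: two devices shipped, neither yet claimed.
    serials = ["SN-0001", "SN-0002"]
    device_secrets = {s: secrets.token_bytes(32) for s in serials}

    # Weak scheme: an attacker who enumerated the serials claims both devices
    # before the legitimate operator registers them; the operator is then locked out.
    weak = WeakRegistry(serials)
    weak_attacker = [weak.register(s, "attacker") for s in serials]
    weak_owner_later = weak.register("SN-0001", "plant-operator")

    # Hardened scheme: the same serial is worthless without the device secret.
    pop = ProofOfPossessionRegistry(device_secrets)
    pop.challenge("SN-0001")  # attacker can request a nonce but cannot answer it
    pop_attacker = pop.register("SN-0001", "attacker", "0" * 64)

    nonce = pop.challenge("SN-0001")
    proof = device_prove(device_secrets["SN-0001"], nonce)
    pop_owner = pop.register("SN-0001", "plant-operator", proof)
    pop_replay = pop.register("SN-0001", "attacker", proof)  # nonce already consumed

    return {
        "weak_attacker": weak_attacker,
        "weak_owner_later": weak_owner_later,
        "pop_attacker": pop_attacker,
        "pop_owner": pop_owner,
        "pop_replay": pop_replay,
        "pop_owner_of_record": pop.owner.get("SN-0001"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The hardened variant only demonstrates the principle; in a real fleet the per-device secret would live in a hardware-backed element rather than a dictionary, and the backend would also bind devices to the purchasing account at shipment so that an unclaimed device cannot be registered by an arbitrary account at all.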
“An attacker who successfully exploits these industrial routers and IoT devices can cause a number of impacts on compromised devices and networks, including monitoring network traffic and stealing sensitive data, hijacking internet connections, and accessing internal services,” the company said.
OTORIO said cloud-managed devices pose “enormous” supply chain risks and a single vendor compromise can act as a backdoor to access multiple OT networks in one sweep.
The development comes more than three months after the cybersecurity firm disclosed 38 security flaws in industrial wireless Internet of Things (IIoT) devices that could provide attackers with a direct path to internal OT networks and compromise critical infrastructure.
“As IIoT device deployments become more popular, it is important to recognize that their cloud management platforms may be targeted by threat actors,” said security researcher Roni Gavrilov. “A single exploited IIoT vendor platform can act as a ‘pivot point’ for an attacker, accessing thousands of environments at once.”