
Critical Security Flaw Revealed in Honeywell Experion DCS and QuickBlox Services
Several security vulnerabilities have been discovered in various services, including the Honeywell Experion distributed control system (DCS) and QuickBlox, which, if successfully exploited, could result in severe compromises of affected systems.
Dubbed Crit.IX, the nine flaws in the Honeywell Experion DCS platform allow “unauthorized remote code execution, meaning an attacker would have the power to take control of the device and change the operation of the DCS controller, while also hiding the changes from the engineering workstation that manages the controller,” Armis said in a statement shared with The Hacker News.
In other words, the problem stems from the lack of sufficient encryption and authentication mechanisms in the proprietary protocol called Control Data Access (CDA), used to communicate between the Experion Server and the C300 controller, which effectively allows a threat actor to take over the device and change the operation of the DCS controller.
“As a result, anyone with access to the network can impersonate both the controller and the server,” Tom Gol, CTO for research at Armis, said. “In addition, there are design flaws in the CDA protocol that make it difficult to control data boundaries and can cause buffer overflows.”
In a related development, Check Point and Claroty uncovered major flaws in the chat and video calling platform known as QuickBlox, which is widely used in remote medicine, finance, and smart IoT devices. The vulnerabilities could allow attackers to leak the user databases of many popular applications that integrate the QuickBlox SDK and API.
These include Rozcom, an Israeli vendor that sells intercoms for residential and commercial use cases. Closer inspection of the mobile app led to the discovery of additional bugs (CVE-2023-31184 and CVE-2023-31185) that make it possible to download all user databases, impersonate any user, and perform a full account takeover attack.
“As a result, we were able to take over all of Rozcom’s intercom devices, giving us complete control and allowing us to access the device’s camera and microphone, intercept its feeds, open doors managed by the device, and more,” the researchers said.
Also disclosed this week was the impact of remote code execution flaws in Aerohive/Extreme Networks access points running versions of HiveOS/Extreme IQ Engine prior to 10.6r2, and in the open source Ghostscript library (CVE-2023-36664, CVSS score: 9.8), which may result in arbitrary command execution.
“Ghostscript is a package that is widely used but not necessarily widely known,” Kroll researcher Dave Truman said. “This can be executed in a number of ways, from opening the file in a vector image editor like Inkscape to printing the file via CUPS. This means exploits of vulnerabilities in Ghostscript may not be limited to a single application or immediately obvious.”
Rounding off the list is the discovery of hard-coded credentials in the Technicolor TG670 DSL gateway router that authenticated users can weaponize to gain full administrative control over the device.
“Remote attackers can use the default username and password to log in as an administrator to the router device,” CERT/CC said in an advisory. “This allows an attacker to modify one of the router’s administrative settings and use it in unexpected ways.”
Users are advised to disable remote administration on their devices to prevent potential exploit attempts and check with service providers to determine if appropriate patches and updates are available.