Several security vulnerabilities have been identified in the cloud management platforms associated with three industrial cellular router vendors that may expose operational technology (OT) networks to external attacks.
It was discovered that Presented Israeli industrial cybersecurity company OTORIO made the announcement at the Black Hat Asia 2023 conference last week.
11 vulnerabilities “allow remote code execution and complete control over hundreds of thousands of devices and OT networks, in some cases not actively configured to use the cloud” “There is a possibility.
Specifically, cloud-based management solutions offered by Sierra Wireless, Teltonika Networks, and InHand Networks for remotely managing and operating devices have shortcomings.
Successful exploitation of this vulnerability could pose significant risks to industrial environments, allowing attackers to bypass security layers, steal sensitive information, or remotely execute code on internal networks. It becomes possible to
Worse, this issue can be weaponized to gain unauthorized access to devices in the network and perform malicious operations such as shutdown with elevated permissions.
This is made possible by three different attack vectors that can be exploited to compromise and hijack cloud-managed IIoT devices through cloud-based management platforms.
- Weak asset registration mechanism (Sierra Wireless): attacker can Scan unregistered cloud-connected devices, utilize the AirVantage online warranty checker tool to retrieve serial numbers, register devices to managed accounts, and execute arbitrary commands.
- Security configuration flaw (InHand network): An unprivileged user could leverage the command injection flaws CVE-2023-22601, CVE-2023-22600, and CVE-2023-22598 to execute remote code with root privileges and issue a reboot command. , may push a firmware update.
- External APIs and Interfaces (Teltonika Networks): threat actor can Multiple issues identified in the Remote Management System (RMS) were exploited to “expose sensitive device information and device credentials, allow remote code execution, and compromise managed connected devices on the network. and allow spoofing of legitimate devices.”
The six flaws (CVE-2023-32346, CVE-2023-32347, CVE-2023-32348, CVE-2023-2586, CVE-2023-2587, and CVE-2023-2588) affecting Teltonika Networks are It was discovered after a “comprehensive investigation”. The study was carried out in collaboration with Claroti.
Learn how to stop ransomware with real-time protection
Join our webinar to learn how to stop ransomware attacks using real-time MFA and service account protection.
โWhen attackers successfully exploit these industrial routers and IoT devices, they can do a variety of things to the compromised device or network, including monitoring network traffic, stealing sensitive data, hijacking internet connections and accessing internal services. It can have an impact.โ enterprise Said.
OTORIO said cloud-managed devices pose a “huge” risk to the supply chain, with a single vendor’s breach potentially acting as a backdoor to access multiple OT networks at once.
This development allows cybersecurity firms to provide attackers with a direct path to internal OT networks, potentially compromising critical infrastructure with 38 security threats to wireless Industrial Internet of Things (IIoT) devices. A little over 3 months after revealing the above flaws.
“As the deployment of IIoT devices becomes more prevalent, it’s important to recognize that their cloud management platforms can become targets for threat actors,” said security researcher Roni Gavrilov. โA single he IIoT vendor platform, when exploited, could act as a โpivot pointโ for attackers, gaining access to thousands of environments at once.โ