A set of 38 security vulnerabilities has been discovered in wireless Industrial Internet of Things (IIoT) devices from four different vendors. Together they can form a significant attack surface for threat actors looking to exploit operational technology (OT) environments.
“Threat actors can exploit vulnerabilities in wireless IIoT devices to gain initial access to internal OT networks,” said Israeli industrial cybersecurity firm Otorio. “They can use these vulnerabilities to bypass security layers and infiltrate target networks, compromising critical infrastructure or disrupting production.”
Simply put, the vulnerabilities provide a remote entry point for attacks, allowing unauthenticated adversaries to gain a foothold and use it to spread to other hosts and cause significant damage.
According to security researcher Roni Gavrilov, some of the identified shortcomings may be chained together, allowing outside actors to directly access thousands of internal OT networks over the Internet.
Of the 38 flaws, three affect ETIC Telecom’s Remote Access Server (RAS) (CVE-2022-3703, CVE-2022-41607, and CVE-2022-40981) and can be abused to take complete control of vulnerable devices.
Five other vulnerabilities related to InHand Networks’ InRouter 302 and InRouter 615 can lead to command injection, information disclosure, and code execution when exploited.
Specifically, the attack takes advantage of issues in the “device manager” cloud platform, which allows operators to perform remote actions such as configuration changes and firmware upgrades, to compromise every cloud-managed InRouter device with root privileges.
Also identified are two weaknesses in the Sierra Wireless AirLink Router (CVE-2022-46649 and CVE-2022-46650) that can lead to the loss of sensitive information and remote code execution. The remaining flaws are still under responsible disclosure.
The findings highlight how OT networks can be compromised by allowing IIoT devices to be directly accessible over the internet.
Alternatively, local attackers can target on-site Wi-Fi or cellular channels to infiltrate industrial Wi-Fi access points and cellular gateways, potentially leading to damaging adversary-in-the-middle (AitM) scenarios.
Attacks range from targeting weak cryptography to coexistence attacks targeting combo chips widely used in electronic devices.
To pull this off, attackers can take advantage of platforms such as WiGLE, a database of wireless hotspots around the world, to identify high-value industrial environments, locate them physically, and leverage access points from close range.
As a countermeasure, we recommend disabling insecure encryption schemes, hiding Wi-Fi network names, disabling unused cloud management services, and taking steps to prevent devices from being exposed.
“The low exploit complexity and high potential impact make wireless IIoT devices and their cloud-based management platforms attractive targets for attackers seeking to penetrate industrial environments,” the company said.
The development comes as Otorio also disclosed details of two high-severity flaws in the Siemens Automation License Manager (CVE-2022-43513 and CVE-2022-43514). Combining these can lead to remote code execution and privilege escalation. The bugs were patched by Siemens in January 2023.