July 14, 2023 | THN | Vulnerability / Cyber Threat

Multiple security vulnerabilities have been discovered in various services, such as the Honeywell Experion Distributed Control System (DCS) and QuickBlox, which, if successfully exploited, could result in a significant compromise of the affected system.

Nine flaws in the Honeywell Experion DCS platform, dubbed Crit.IX, allow for “unauthorized remote code execution, which means that an attacker can hijack a device and have the power to change the behavior of the DCS controller while hiding the changes from the engineering workstation that manages the controller,” Armis said in a statement shared with The Hacker News.

In other words, the problem is related to the lack of encryption and proper authentication mechanisms in the proprietary protocol called Control Data Access (CDA) used for communication between the Experion server and the C300 controller, effectively allowing threat actors to take over the device and alter the operation of the DCS controller.

“As a result, anyone with access to the network can impersonate both the controller and the server,” said Tom Gol, research CTO at Armis. “Furthermore, the CDA protocol has design flaws that make it difficult to control data boundaries and can cause buffer overflows.”

In its own advisory, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) said that seven of the nine flaws have a CVSS score of 9.8 out of 10 and the other two have a severity rating of 7.5. “Successfully exploiting these vulnerabilities could result in a denial of service condition that could lead to privilege escalation or remote code execution,” it warned.

In a related development, Check Point and Claroty discovered a critical flaw in a chat and video calling platform known as QuickBlox, widely used in telemedicine, finance, and smart IoT devices. This vulnerability could allow an attacker to leak user databases from many popular applications that incorporate the QuickBlox SDK and API.

This includes Rozcom, an Israeli vendor that sells residential and commercial intercoms. A closer look at the mobile app revealed more bugs (CVE-2023-31184 and CVE-2023-31185) that made it possible to download an entire user database, impersonate any user, and perform a full account takeover attack.

“As a result, we were able to hijack all Rozcom intercom devices, giving us full control, allowing us to access their cameras and microphones, eavesdrop on their feeds, and even open doors managed by the devices,” the researchers said.

Also disclosed this week are remote code execution vulnerabilities affecting Aerohive/Extreme Networks access points running HiveOS/Extreme IQ Engine versions prior to 10.6r2 and the open-source Ghostscript library (CVE-2023-36664, CVSS score: 9.8) that allow arbitrary command execution.

“Ghostscript is a widely used package, but not necessarily widely known,” said Kroll researcher Dave Truman. “This could be done in a number of ways, from opening the file in a vector image editor such as Inkscape, to printing the file via CUPS. It means that it is not limited to one application or be immediately apparent.”

Security flaws have also been found in two Golang-based open-source platforms, Owncast (CVE-2023-3188, CVSS score: 6.5) and EaseProbe (CVE-2023-33967, CVSS score: 9.8), which are susceptible to server-side request forgery (SSRF) and SQL injection attacks, respectively.

Rounding out the list is the discovery of hardcoded credentials in a Technicolor TG670 DSL gateway router that could be weaponized by an authenticated user to gain full administrative control of the device.

“A remote attacker could use a default username and password to log into the router device as an administrator,” CERT/CC said in an advisory. “This allows attackers to change the router’s administrative settings and use it in unexpected ways.”

Users are advised to disable remote management of their devices to prevent potential exploit attempts and check with their service provider for the availability of appropriate patches and updates.
