Researchers found numerous critical vulnerabilities in Utilities VPNs. Exploiting these vulnerabilities could not only risk the OT networks of industries but also cause physical damages.
Utilities VPNs Vulnerabilities Found
Researchers from the cybersecurity firm Claroty have found multiple vulnerabilities in Utilities VPNs. These include bugs of varying severity levels including some critical flaws. The vulnerabilities directly posed a threat to Operational Technology (OT) networks of the Industrial Control System (ICS) industry.
Describing the details in a report, the researchers stated that the vulnerabilities affected industries like oil & gas, water utilities, and electric utilities. While the deployed devices were supposed to ensure maintenance and monitoring to field controllers, the underlying bugs made them risky for the industries.
Explaining the severity of a possible exploit, the researchers state,
Apart from connectivity between sites these solutions are also used to enable remote operators and third-party vendors to dial into customer sites and provide maintenance and monitoring for PLCs and other Level 1/0 devices. This kind of access has become especially prioritized in recent months due to the new reality of COVID-19.
Specifically, the researchers found three different vendors vulnerable: Secomea, HMS Networks, and Moxa.
In the case of Secomea, the vulnerability CVE-2020-14500 affected the GateManager component in the Secomea remote access solution. GateManager is the main routing component here that is directly exposed to the internet. Describing the bug, the researchers state,
The discovered bug occurs due to improper handling of some of the HTTP request headers provided by the client. This could allow an attacker to remotely exploit GateManager to achieve remote code execution without any authentication required.
In turn, this vulnerability could also allow an attacker to gain full access and decrypt all traffic transmitted through the VPN. This could result in a breach of data.
Likewise, a stack-based overflow vulnerability CVE-2020-14511 affected Moxa. And, CVE-2020-14498, a stack-buffer overflow bug affected the HMS Networks eWon product. Upon exploitation, these vulnerabilities could also code execution.
The researchers found all three vulnerabilities in different instances. Following their report, the respective vendors already released the patches earlier.
So now, the threat is over. Nonetheless, such vulnerabilities reiterate the need for implementing robust security measures by various industries. Especially, in the present scenario of work-from-home due to COVID-19, addressing such bugs becomes more important as the platforms seemingly draw more attention.
Let us know your thoughts in the comments.