Cybersecurity researchers have discovered critical vulnerabilities in industrial VPN implementations primarily used to provide remote access to operational technology (OT) networks
A new report published by industrial cybersecurity company Claroty demonstrates multiple severe vulnerabilities in enterprise-grade VPN installations, including Secomea GateManager M2M Server, Moxa EDR-G902, and EDR-G903, and HMS Networks eWon’s eCatcher VPN client.
These vulnerable products are widely used in field-based industries such as oil and gas, water utilities, and electric utilities to remotely access, maintain and monitor ICS and field devices, including programmable logic controllers (PLCs) and input/output devices.
According to Claroty researchers, successful exploitation of these vulnerabilities can give an unauthenticated attacker direct access to the ICS devices and potentially cause some physical damage.
In Secomean’s GateManager, researchers uncovered multiple security flaws, including a critical vulnerability (CVE-2020-14500) that allows overwriting arbitrary data, executing arbitrary code, or causing a DoS condition, running commands as root, and obtaining user passwords due to the use of a weak hash type.
GateManager is a widely used ICS remote access server deployed worldwide as a cloud-based SaaS solution that allows users to connect to the internal network from the internet through an encrypted tunnel while avoiding server setups.
The critical flaw, identified as CVE-2020-14500, affects the GateManager component, the main routing instance in the Secomea remote access solution. The flaw occurs due to improper handling of some of the HTTP request headers provided by the client.
This flaw can be exploited remotely and without requiring any authentication to achieve remote code execution, which could result in gaining full access to a customer’s internal network, along with the ability to decrypt all traffic that passes through the VPN.
In Moxa EDR-G902 and EDR-G903 industrial VPN servers, researchers discovered a stack-based buffer overflow bug (CVE-2020-14511) in the system web server that can be triggered just by sending a specially crafted HTTP request, eventually allowing attackers to carry out remote code execution without the need for any credentials.
Claroty researchers also tested HMS Networks’ eCatcher, a proprietary VPN client that connects to the company’s eWon VPN device, and found that the product is vulnerable to a critical stack-based buffer overflow (CVE-2020-14498) that can be exploited to achieve remote code execution.
All an attacker needs to do is tricking victims into visiting a malicious website or opening a malicious email containing a specifically crafted HTML element that triggers the flaw in eCatcher, eventually allowing attackers to take complete control of the targeted machine.
All three vendors were notified of the vulnerabilities and responded quickly to release security fixes that patch their products’ loopholes.
Secomea users are recommended to update their products to the newly released GateManager versions 9.2c / 9.2i, Moxa users need to update EDR-G902/3 to version v5.5 by applying firmware updates available for the EDR-G902 series and EDR-G903 series, and HMS Networks users are advised to update eCatcher to Version 6.5.5 or later.
Source: The Hacker News
The Future of Privacy – Why Using and Protecting Personal Data Is a Vital Business Imperative
Safe handling of digital identities: 5 key questions.
Privacy By Design: Responding To The EU-US Privacy Shield Ruling
- Are You Doing Digital Trust Right? By AET Europe – Part 2
- Are You Doing Digital Trust Right? By AET Europe – Part 1
- When do government agencies need to verify individuals (and what are their workflows)?
- XMLRPC npm Library Turns Malicious, Steals Data, Deploys Crypto Miner
- Grupo Stefanini anuncia investimento de R$ 2 bilhões em M&A até 2027
- Cryptography in Modern Business Operations
- NetApp maintains push to data management for AI
- New QR Code Phishing Campaign Exploits Microsoft Sway to Steal Credentials
- Launch a Network with Restaked Security in Minutes: Tanssi and Symbiotic Set New Ethereum Standard
- How Phishing Attacks Adapt Quickly to Capitalize on Current Events
- Oracle Cloud Infrastructure Expands NVIDIA GPU-Accelerated Instances for AI, Digital Twins and More
- HID and AWS Collaborate to Deliver Advanced Facial Imaging Technology Powered by AI
- HID & Santander team to secure mobile banking with authentication technology
- Unlocking the Potential of the Brazilian Blockchain and Digital Finance Market
- NVIDIA Announces Generative AI Models and NIM Microservices forOpenUSD Language, Geometry, Physics and Materials
- Why We Must Democratize Cybersecurity
- Mejora CIAM la experiencia del cliente y la seguridad de sus datos
- AI and the Rise of Mediocrity
- Las empresas que usan biometría celebran una ley de IA que ofrece “garantías” y “sienta las bases del juego”
- Next steps in preparing for post-quantum cryptography