Cybersecurity researchers have discovered essential vulnerabilities in industrial VPN implementations largely utilized to offer remote obtain to operational technologies (OT) networks that could make it possible for hackers to overwrite details, execute destructive code, and compromise industrial handle systems (ICS).
A new report posted by industrial cybersecurity corporation Claroty demonstrates many extreme vulnerabilities in enterprise-grade VPN installations, which include Secomea GateManager M2M Server, Moxa EDR-G902, and EDR-G903, and HMS Networks eWon’s eCatcher VPN consumer.
These vulnerable goods are widely utilized in subject-based industries these as oil and gas, water utilities, and electric utilities to remotely accessibility, retain and watch ICS and subject devices, which include programmable logic controllers (PLCs) and input/output devices.
In accordance to Claroty researchers, thriving exploitation of these vulnerabilities can give an unauthenticated attacker immediate accessibility to the ICS equipment and most likely trigger some physical problems.
In Secomean’s GateManager, scientists uncovered multiple stability flaws, which include a crucial vulnerability (CVE-2020-14500) that allows overwriting arbitrary data, executing arbitrary code, or producing a DoS condition, jogging commands as root, and obtaining person passwords owing to the use of a weak hash style.
GateManager is a commonly utilized ICS distant accessibility server deployed around the globe as a cloud-based SaaS alternative that allows users to join to the inner community from the net by way of an encrypted tunnel whilst staying away from server setups.
The crucial flaw, identified as CVE-2020-14500, impacts the GateManager ingredient, the principal routing instance in the Secomea remote accessibility remedy. The flaw takes place owing to inappropriate managing of some of the HTTP request headers offered by the consumer.
This flaw can be exploited remotely and with out necessitating any authentication to realize distant code execution, which could end result in attaining full entry to a customer’s inside network, alongside with the capability to decrypt all targeted visitors that passes by the VPN.
In Moxa EDR-G902 and EDR-G903 industrial VPN servers, scientists found a stack-centered buffer overflow bug (CVE-2020-14511) in the procedure internet server that can be induced just by sending a specially crafted HTTP request, finally making it possible for attackers to have out remote code execution without the will need for any credentials.
Claroty scientists also tested HMS Networks’ eCatcher, a proprietary VPN shopper that connects to the company’s eWon VPN machine, and observed that the solution is susceptible to a important stack-based buffer overflow (CVE-2020-14498) that can be exploited to attain remote code execution.
All an attacker demands to do is tricking victims into browsing a malicious web site or opening a malicious e-mail containing a precisely crafted HTML factor that triggers the flaw in eCatcher, sooner or later allowing attackers to acquire full regulate of the specific equipment.
All a few distributors had been notified of the vulnerabilities and responded speedily to launch security fixes that patch their products’ loopholes.
Secomea end users are advised to update their solutions to the newly released GateManager variations 9.2c / 9.2i, Moxa users require to update EDR-G902/3 to variation v5.5 by making use of firmware updates out there for the EDR-G902 collection and EDR-G903 collection, and HMS Networks buyers are suggested to update eCatcher to Version 6.5.5 or afterwards.