11 New Vulnerabilities Expose OT Networks in Industrial Cellular Routers


May 15, 2023

Recently, Israeli industrial cybersecurity firm OTORIO presented its findings on security vulnerabilities that could pose severe risks to industrial environments. These vulnerabilities are associated with cloud management platforms utilized by three industrial cellular router vendors: Sierra Wireless, Teltonika Networks, and InHand Networks. The vulnerabilities were revealed at the Black Hat Asia 2023 conference. OTORIO demonstrated how attackers could exploit these vulnerabilities to gain remote code execution and complete control over hundreds of thousands of devices and OT networks.

The vulnerabilities could allow attackers to sidestep security protocols, exfiltrate sensitive data, and execute code remotely on internal networks. The issues could even be weaponized to obtain unauthorized access to devices and perform malicious operations such as shutting them down with elevated permissions. The vulnerabilities were discovered in the cloud-based management solutions offered by the affected vendors to manage and operate devices remotely.

In particular, the vulnerabilities are associated with three different attack vectors. Weak asset registration mechanisms for Sierra Wireless could allow attackers to scan for unregistered devices connected to the cloud, obtain their serial numbers, register them to an account under their control, and execute arbitrary commands.


For InHand Networks, flaws in security configurations could allow an unauthorized user to leverage CVE-2023-22601, CVE-2023-22600, and CVE-2023-22598 (a command injection flaw) to gain remote code execution with root privileges, issue reboot commands, and push firmware updates. For Teltonika Networks, a threat actor could abuse external APIs and interfaces to “expose sensitive device information and device credentials, enable remote code execution, expose connected devices managed on the network, and allow impersonation of legitimate devices.”

The six flaws impacting Teltonika Networks were discovered following a “comprehensive research” collaboration with Claroty. The vulnerabilities pose a significant supply-chain risk, as a single vendor compromise could be a backdoor for accessing several OT networks simultaneously. Cloud-managed devices allow attackers to access multiple environments simultaneously, making them valuable targets. As IoT devices become more prevalent, it is essential to know that threat actors may target their cloud management platforms.

These vulnerabilities highlight the importance of implementing robust security protocols to protect industrial environments from cyber threats. Cloud management platforms offer convenience but must be secured adequately to prevent unauthorized access and ensure data privacy and integrity. All organizations utilizing IoT devices and cloud management platforms must remain vigilant and proactively safeguard their networks and devices.

Author: Noor Khan
