Recently, Israeli industrial cybersecurity firm OTORIO presented its findings on security vulnerabilities that could pose severe risks to industrial environments. These vulnerabilities are associated with cloud management platforms utilized by three industrial cellular router vendors: Sierra Wireless, Teltonika Networks, and InHand Networks. The vulnerabilities were revealed at the Black Hat Asia 2023 conference. OTORIO demonstrated how attackers could exploit these vulnerabilities to gain remote code execution and complete control over hundreds of thousands of devices and OT networks.
The vulnerabilities could allow attackers to sidestep security protocols, exfiltrate sensitive data, and execute code remotely on internal networks. The issues could even be weaponized to obtain unauthorized access to devices and perform malicious operations such as shutting them down with elevated permissions. The vulnerabilities were discovered in the cloud-based management solutions offered by the affected vendors to manage and operate devices remotely.
In particular, the vulnerabilities are associated with three different attack vectors. Weak asset registration mechanisms for Sierra Wireless could allow attackers to scan for unregistered devices connected to the cloud, obtain their serial numbers, register them to an account under their control, and execute arbitrary commands.
Flaws in security configurations for InHand Networks could allow an unauthorized user to leverage CVE-2023-22601, CVE-2023-22600, and CVE-2023-22598, among them a command injection flaw, to gain remote code execution with root privileges, issue reboot commands, and push firmware updates. A threat actor could abuse external APIs and interfaces for Teltonika Networks to “expose sensitive device information and device credentials, enable remote code execution, expose connected devices managed on the network, and allow impersonation of legitimate devices.”
The six flaws impacting Teltonika Networks were discovered following a “comprehensive research” collaboration with Claroty. The vulnerabilities pose a significant supply-chain risk, as a single vendor compromise could serve as a backdoor for accessing several OT networks simultaneously. Because cloud-managed devices give an attacker a single point of access to multiple environments, they are valuable targets. As IoT devices become more prevalent, it is essential to recognize that threat actors may target their cloud management platforms.
These vulnerabilities highlight the importance of implementing robust security protocols to protect industrial environments from cyber threats. Cloud management platforms offer convenience but must be secured adequately to prevent unauthorized access and ensure data privacy and integrity. All organizations utilizing IoT devices and cloud management platforms must remain vigilant and proactively safeguard their networks and devices.