

Factory Automation Vulnerabilities Could Trigger Code Injection


According to a new report from Applied Risk, based on research by security researcher Alexandru Ariciu, “multiple vulnerabilities were found in MOXA E1242 Ethernet remote I/O series used in factory automation.” Some of the vulnerabilities allow code injection in the web application; others concern weak password policies and their implementation. Fortunately, there are no known public exploits that target these vulnerabilities, the researcher says.


How Severe Are the Vulnerabilities?

One of the issues is in the devices’ web application, which fails to sanitize user input. This can lead to JavaScript injection in the webpage. Ultimately, this could enable an attacker to execute arbitrary code in the user’s browser when the user visits the webpage.

An attacker can exploit this by visiting the affected web pages and modifying the parameters that were found to be vulnerable to this attack. Changes to these parameters are permanent, so any user visiting the infected web page after the attacker will be at risk.

Another problem concerns passwords, which are sent via the HTTP GET method. The MD5 hash of the password used for authentication on the device is sent as a parameter in each GET request to the server, which is considered bad practice. Why? An attacker can deploy a MiTM attack and bypass the authentication mechanism.

The password that is used to authenticate users to the system is truncated to 8 characters. A user trying to use a longer password will have their password cut down to the first 8 characters. Also, the MD5 hash challenge that is created for authentication and is later used in all GET requests will be created using these first 8 characters.

The researcher adds that this behavior is considered insecure, as it does not provide sufficient protection for the passwords chosen by the user and also forces the user to use simple passwords that can be easily bypassed.
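The two password issues above can be checked from the defender's side. The following Python sketch is an added example, not code from Applied Risk or MOXA: it models the truncation and flags MD5-shaped values that recur in GET URLs of a web or proxy log. The token construction, the `token` parameter name, the paths and the log lines are all constructed assumptions, since the report excerpt does not give them.

```python
import hashlib
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

MAX_LEN = 8  # truncation length described in the article

def auth_token(password: str, challenge: str) -> str:
    """Hypothetical model: MD5 over challenge + first 8 password characters.
    The device's real construction is not given in the article."""
    return hashlib.md5((challenge + password[:MAX_LEN]).encode()).hexdigest()

MD5_SHAPED = re.compile(r"^[0-9a-fA-F]{32}$")
REQUEST = re.compile(r'"GET (\S+) HTTP/[\d.]+"')

def hash_params_in_urls(log_lines):
    """Return {(param, value): [paths]} for MD5-shaped query values in GET URLs."""
    hits = defaultdict(list)
    for line in log_lines:
        m = REQUEST.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        for name, value in parse_qsl(url.query):
            if MD5_SHAPED.match(value):
                hits[(name, value.lower())].append(url.path)
    return dict(hits)

def reused_tokens(log_lines):
    """Hashes seen in more than one request: a static credential exposed in URLs."""
    return {k: v for k, v in hash_params_in_urls(log_lines).items() if len(v) > 1}

# Constructed sample data (not captured from a real device).
CHALLENGE = "c0ffee01"
TOKEN = auth_token("Tr0ub4dor&3-long-passphrase", CHALLENGE)
SAMPLE_LOG = [
    f'10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /status.htm?token={TOKEN} HTTP/1.1" 200 512',
    f'10.0.0.5 - - [01/Jan/2024:10:00:05 +0000] "GET /io.htm?token={TOKEN}&ch=1 HTTP/1.1" 200 734',
    '10.0.0.9 - - [01/Jan/2024:10:01:00 +0000] "GET /logo.png?v=3 HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    # Everything after the 8th character leaves the credential unchanged.
    print(auth_token("Tr0ub4do", CHALLENGE) == TOKEN)
    for (name, value), paths in reused_tokens(SAMPLE_LOG).items():
        print(f"param {name!r} carries a reused hash on {paths}")
```

Run against real proxy or web-server logs, a hit from `reused_tokens` means credential material is also landing in log files, browser history and any intermediary that records URLs.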

Fortunately, MOXA addressed the reported vulnerabilities by releasing a firmware update for the affected devices, available here.


Automation Industries Flaws Are Mostly Proof-of-Concept

In a conversation with SCMagazine, Mark James from ESET said that most of the flaws in the automation industry are proof of concept.

Automation often involves heavy equipment doing precision work and if it fails it could cause thousands of pounds of damage. If that equipment were to go wrong around or close to humans then there is always the potential of injury or even death.

Milena Dimitrova
