Factory Automation Vulnerabilities Could Trigger Code Injection - How to, Technology and PC Security Forum | SensorsTechForum.com

According to a new report from Applied Risk, conducted by security researcher Alexandru Ariciu, “multiple vulnerabilities were found in MOXA E1242 Ethernet remote I/O series used in factory automation.” Some of the vulnerabilities can trigger code injection in the web application, while others concern weak password policies and implementation. Fortunately, there are no known public exploits that target these vulnerabilities, the researcher says.

How Severe Are the Vulnerabilities?

One of the issues is in the devices’ web application, which fails to sanitize user input. This can lead to JavaScript injection in the web page, which could ultimately enable an attacker to execute arbitrary code in a user’s browser when that user visits the page.

An attacker can exploit this by visiting the affected web pages and modifying the parameters that were found to be vulnerable to this attack. The changes to these parameters are permanent, so any user visiting the affected web page after the attacker will be at risk.

Another problem concerns passwords, which are sent via the HTTP GET method. The MD5 hash of the password employed for authentication on the device is sent as a parameter in each GET request to the server, which is considered bad practice. Why? An attacker can deploy a MiTM attack and bypass the authentication mechanism.

The password that is used to authenticate users to the system is truncated to 8 characters. A user trying to use a longer password will have their password cut down to the first 8 characters. Also, the MD5 hash challenge that is created for authentication and is later used in all GET requests will be created using these first 8 characters.

The researcher adds that this behavior is accepted as insecure, as it does not provide sufficient protection to the passwords used by the user and also forces the user to use simple passwords that can be easily bypassed.
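The two password issues described above can be modelled and audited for, as in this added example (not code from Applied Risk or MOXA). Assumptions: the credential is modelled as a plain MD5 of the truncated password because the page does not give the real challenge format, and the `token` parameter name, the URL paths and the passwords are constructed.

```python
import hashlib
import math
import re
from urllib.parse import urlsplit, parse_qsl

MAX_LEN = 8  # truncation length reported in the article
MD5_HEX = re.compile(r"^[0-9a-fA-F]{32}$")

def device_credential(password):
    """Model of the reported behaviour: keep the first 8 characters, then MD5.
    Assumption: plain MD5; the device's actual challenge format is not on the page."""
    return hashlib.md5(password[:MAX_LEN].encode("utf-8")).hexdigest()

def effective_bits(password, alphabet_size=94):
    """Upper bound on entropy left after truncation (94 = printable ASCII, no space)."""
    return min(len(password), MAX_LEN) * math.log2(alphabet_size)

def find_hash_in_query(request_line):
    """Return names of GET query parameters whose value looks like an MD5 digest."""
    parts = request_line.split()
    if len(parts) < 2 or parts[0] != "GET":
        return []
    query = urlsplit(parts[1]).query
    return [name for name, value in parse_qsl(query) if MD5_HEX.match(value)]

def audit(log_lines):
    """Map each flagged request line to the parameters that carry a digest."""
    findings = {}
    for line in log_lines:
        names = find_hash_in_query(line)
        if names:
            findings[line] = names
    return findings

# Constructed sample data: two different long passwords sharing the first 8 characters.
LONG_A = "Tr0ub4dor&3-correct-horse"
LONG_B = "Tr0ub4do-something-else"
SAMPLE_LOG = [
    "GET /status.htm?token=%s&ch=1 HTTP/1.1" % device_credential(LONG_A),
    "GET /index.htm HTTP/1.1",
    "POST /login HTTP/1.1",
]

if __name__ == "__main__":
    print("same credential:", device_credential(LONG_A) == device_credential(LONG_B))
    print("entropy ceiling (bits): %.1f" % effective_bits(LONG_A))
    for line, names in audit(SAMPLE_LOG).items():
        print("digest in URL:", names, "<-", line)
```

Because the digest travels in the URL, it also ends up in proxy logs and browser history, so the same check can be run over stored access logs.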

Fortunately, MOXA addressed the reported vulnerabilities by releasing a firmware update for the affected devices, available here.

Automation Industry Flaws Are Mostly Proof-of-Concept

In a conversation with SCMagazine, Mark James from ESET shared that most of the flaws in the automation industry are proof of concept.

Automation often involves heavy equipment doing precision work and if it fails it could cause thousands of pounds of damage. If that equipment were to go wrong around or close to humans then there is always the potential of injury or even death.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum for 4 years. Enjoys ‘Mr. Robot’ and fears ‘1984’. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles!
