CYBER NEWS

Factory Automation beveiligingslekken kunnen leiden tot Code Injection

fabrieks-kwetsbaarheden-stforum

According to a new report by Applied Risk conducted by security researcher Alexandru Ariciu, “multiple vulnerabilities were found in MOXA E1242 Ethernet remote I/O series used in factory automation.” The vulnerabilities can trigger code injection in the web application, and in other cases concern weak password policies and implementation. Gelukkig, there are no known public exploits that target these vulnerabilities, De onderzoeker zegt.

Verwant: BTS beveiligingslekken Endanger GSM Veiligheid, Onderzoek toont aan

How Severe Are the Vulnerabilities?

One of the issues is found in the devices’ web application that fails to sanitize user input. This can lead to JavaScript injection in the webpage. tenslotte, the exploit could enable an attacker to execute arbitrary code in the user’s browser upon visiting the webpage.

An attacker can exploit this by visiting the affected web pages and modifying the parameters that were found to be vulnerable to this attack. The changes to this parameter are permanent, thus any user visiting the infected web page after the attacker will be at risk.

Another problem concerns the passwords which are sent via the HTTP GET method. The md5 hash of the password employed for authentication on the device is sent as a parameter in each GET request to the server, which is believed to be a bad practice. Waarom? An attacker can deploy a MiTM attack and bypass the authentication mechanism.

The password that is used to authenticate users to the system is truncated to 8 tekens. An user trying to use a longer password will have its password cut down to the first 8 tekens. Ook, the MD5 hash challenge that is created for authentication and is later used in all GET requests will be created using these first 8 tekens.

The researcher adds that this behavior is accepted as insecure, as it does not provide sufficient protection to the passwords used by the user and also forces the user to use simple passwords that can be easily bypassed.

Gelukkig, MOXA addressed the reported vulnerabilities by releasing a firmware update for the affected devices, beschikbaar hier.

Verwant: Auto's Aangesloten op Smartphones Vatbaar voor Hacks, Onderzoek naar MirrorLink Says

Automation Industries Flaws Are Mostly Proof-of-Concept

In a conversation with SCMagazine, Mark James from ESET shared that a prevalent number of the flaws in the automation industry are proof of concept.

Automation often involves heavy equipment doing precision work and if it fails it could cause thousands of pounds of damage. If that equipment were to go wrong around or close to humans then there is always the potential of injury or even death.

Milena Dimitrova

Milena Dimitrova

Een geïnspireerde schrijver en content manager die heeft met SensorsTechForum sinds het begin. Gericht op de privacy van gebruikers en malware ontwikkeling, ze gelooft sterk in een wereld waar cybersecurity speelt een centrale rol. Als het gezond verstand heeft geen zin, ze zullen er zijn om aantekeningen te maken. Deze toelichtingen kunnen later om te zetten in artikelen! Volg Milena @Milenyim

Meer berichten

Volg mij:
Tjilpen

Laat een bericht achter

Uw e-mailadres wordt niet gepubliceerd. Verplichte velden zijn gemarkeerd *

Termijn is uitgeput. Laad CAPTCHA.

Delen op Facebook Aandeel
Loading ...
Delen op Twitter Gekwetter
Loading ...
Delen op Google Plus Aandeel
Loading ...
Delen op Linkedin Aandeel
Loading ...
Delen op Digg Aandeel
Deel op Reddit Aandeel
Loading ...
Delen op StumbleUpon Aandeel
Loading ...