Cybersecurity researchers have found critical vulnerabilities in industrial VPN implementations primarily used to provide remote access to operational technology (OT) networks that could allow hackers to overwrite data, execute malicious code, and compromise industrial control systems (ICS).
A new report published by industrial cybersecurity company Claroty demonstrates multiple severe vulnerabilities in enterprise-grade VPN installations, including Secomea GateManager M2M Server, Moxa EDR-G902 and EDR-G903, and HMS Networks eWon's eCatcher VPN client.
These vulnerable products are widely used in field-based industries such as oil and gas, water utilities, and electric utilities to remotely access, maintain and monitor ICS and field devices, including programmable logic controllers (PLCs) and input/output devices.
According to Claroty researchers, successful exploitation of these vulnerabilities could give an unauthenticated attacker direct access to the ICS devices and potentially cause physical damage.
In Secomea's GateManager, researchers uncovered multiple security flaws, including a critical vulnerability (CVE-2020-14500) that allows overwriting arbitrary data, executing arbitrary code, or causing a DoS condition, running commands as root, and obtaining user passwords due to the use of a weak hash type.
GateManager is a widely used ICS remote access server deployed worldwide as a cloud-based SaaS solution that allows users to connect to the internal network from the internet through an encrypted tunnel while avoiding server setups.
The critical flaw, identified as CVE-2020-14500, affects the GateManager component, the main routing instance in the Secomea remote access solution. The flaw occurs due to improper handling of some of the HTTP request headers provided by the client.
This flaw can be exploited remotely and without requiring any authentication to achieve remote code execution, which could result in gaining full access to a customer's internal network, along with the ability to decrypt all traffic that passes through the VPN.
In Moxa EDR-G902 and EDR-G903 industrial VPN servers, researchers discovered a stack-based buffer overflow bug (CVE-2020-14511) in the system web server that can be triggered just by sending a specially crafted HTTP request, eventually allowing attackers to carry out remote code execution without the need for any credentials.
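As an added illustration of the bug class described above (constructed example, not code from Claroty or from any of the vendors named here), the C fragment below shows the classic unbounded header copy that lets an over-long HTTP header overrun a fixed stack buffer in a small embedded web server, beside a bounded version that rejects oversized values before any copy. The request layout, the 64-byte buffer size and all function names are assumptions for the illustration.

```c
#include <stddef.h>
#include <string.h>
#define HOST_MAX 64  /* fixed-size stack buffer, as in many embedded web servers */

/* Locate the Host header value in a raw request; *len excludes the CR/LF. */
static const char *find_host_value(const char *req, size_t *len)
{
    const char *p = strstr(req, "\r\nHost:");
    if (!p) return NULL;
    p += 7;                                   /* skip "\r\nHost:" */
    while (*p == ' ' || *p == '\t') p++;
    const char *end = strpbrk(p, "\r\n");
    *len = end ? (size_t)(end - p) : strlen(p);
    return p;
}

/* Vulnerable pattern (contrast only): no bound, so a long header overwrites the stack frame. */
int host_copy_unbounded(const char *req, char *out)
{
    char buf[HOST_MAX];
    size_t len;
    const char *v = find_host_value(req, &len);
    if (!v) return -1;
    memcpy(buf, v, len);                      /* BUG: len is never checked */
    buf[len] = '\0';
    strcpy(out, buf);
    return 0;
}

/* Hardened pattern: validate length first; -2 means answer 400 Bad Request and stop. */
int host_copy_bounded(const char *req, char *out, size_t out_size)
{
    size_t len;
    const char *v = find_host_value(req, &len);
    if (!v) return -1;
    if (len >= HOST_MAX || len >= out_size) return -2;
    memcpy(out, v, len);
    out[len] = '\0';
    return 0;
}

/* Harness helper: build a constructed request whose Host value is n 'A's
 * and report what the hardened parser does with it. */
int bounded_result_for_host_len(size_t n)
{
    char req[512], out[128];
    if (n > 400) return -3;
    memcpy(req, "GET / HTTP/1.1\r\nHost: ", 22);
    memset(req + 22, 'A', n);
    memcpy(req + 22 + n, "\r\n\r\n", 5);
    return host_copy_bounded(req, out, sizeof out);
}
```

The same length check belongs on every header and form field the device's web server parses, not only Host; the fix for this class is rejecting the request before the copy, not a larger buffer.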
Claroty researchers also examined HMS Networks' eCatcher, a proprietary VPN client that connects to the company's eWon VPN device, and found that the product is vulnerable to a critical stack-based buffer overflow (CVE-2020-14498) that can be exploited to achieve remote code execution.
All an attacker needs to do is trick victims into visiting a malicious website or opening a malicious email containing a specially crafted HTML element that triggers the flaw in eCatcher, eventually allowing attackers to take full control of the targeted machine.
All three vendors were notified of the vulnerabilities and responded quickly to release security fixes that patch the loopholes in their products.
Secomea users are recommended to update their products to the newly released GateManager versions 9.2c / 9.2i, Moxa users need to update EDR-G902/3 to version v5.5 by applying the firmware updates available for the EDR-G902 series and EDR-G903 series, and HMS Networks users are advised to update eCatcher to version 6.5.5 or later.