Industrial Cybersecurity Vulnerabilities Exposed
February 14, 2023
Two separate sets of research released this month have uncovered vulnerabilities and threats to physical operations in today's operational technology (OT) networks. Forescout Technologies was able to bypass safety and functional guardrails in an OT network and move laterally across different segments at the lowest levels of the network. This was done using two newly disclosed Schneider Modicon M340 PLC vulnerabilities: a remote code execution (RCE) flaw and an authentication bypass. According to Forescout security researcher Jos Wetzels, “We are trying to dispel the notion that you hear among asset owners and other parties that Level 1 devices and Level 1 networks are somehow different from regular Ethernet networks and Windows [machines] and that you cannot move through them in very similar ways. These systems are reachable, and you can bypass safety checks if you have the right level of control. We are showing how to do this.”
In a separate set of findings, a research team from ICS security provider Otorio found 38 vulnerabilities in products including cellular routers from Sierra Wireless and InHand Networks, and a remote access server for machines from ETIC Telecom. These flaws include two dozen Web interface bugs that could give an attacker a direct line of access to OT networks. The team was able to locate various OT sites via geolocated access points, including an oil well whose wireless device used weak authentication. Weaknesses of this kind allow an attacker to compromise industrial Wi-Fi access points and cellular gateways and mount man-in-the-middle attacks to manipulate or sabotage physical machinery in production sites. CVE-2022-45788 and CVE-2022-45789 have been assigned to these vulnerabilities. As Matan Dobrushin, vice president of research at Otorio, states, “You don't have to go through all of the layers of the enterprise IT network or firewalls. In this example, someone can just come with a laptop and connect directly to the most sensitive physical part of that network. This is what got our attention.”