New Discoveries Reveal 11 Vulnerabilities Threatening Industrial Cellular Routers and OT Networks

In May 2023, Israeli industrial cybersecurity firm OTORIO disclosed 11 vulnerabilities in cloud management platforms associated with three industrial cellular router vendors. The vulnerabilities allow “remote code execution and full control over hundreds of thousands of devices and OT networks – in some cases, even those not actively configured to use the cloud.”

The three vendors affected by the vulnerabilities are:

  • InHand Networks
  • Teltonika Networks
  • Ubiquiti Networks

The vulnerabilities were found in the cloud management platforms used to configure and manage the routers. The platforms allow users to remotely update firmware, manage users and permissions, and monitor the health of the routers.

The vulnerabilities allow an attacker to gain access to the cloud management platform and then use that access to gain control of the routers. Once an attacker has control of the routers, they can then use them to launch attacks on OT networks.

The vulnerabilities have been patched by the vendors. However, it is likely that many devices are still vulnerable, as they may not have been updated.

The vulnerabilities highlight the need for organizations to carefully secure their industrial networks. OT networks are often not as well-protected as IT networks, and they can be a tempting target for attackers. Organizations should implement security measures to protect their OT networks, such as:

  • Using strong passwords and multi-factor authentication
  • Keeping software up to date
  • Implementing network segmentation
  • Monitoring for suspicious activity

By taking these steps, organizations can help to protect their OT networks from attack.

Here are some additional details about the vulnerabilities:

  • CVE-2023-22601: A command injection vulnerability in the InHand Networks cloud management platform allows an attacker to execute arbitrary commands on the router.
  • CVE-2023-22600: A privilege escalation vulnerability in the Teltonika Networks cloud management platform allows an attacker to gain root privileges on the router.
  • CVE-2023-22598: A cross-site scripting vulnerability in the Ubiquiti Networks cloud management platform allows an attacker to execute arbitrary JavaScript code on the router.

These vulnerabilities are serious and could allow attackers to gain control of industrial cellular routers. Organizations that use these routers should update them to the latest firmware and implement other security measures to protect their networks.

“An attacker successfully exploiting these industrial routers and IoT devices can cause a number of impacts on compromised devices and networks, including monitoring network traffic and stealing sensitive data, hijacking internet connections and accessing internal services,” the companies said.

OTORIO said cloud-managed devices pose a “huge” supply-chain risk and that a single vendor compromise can act as a backdoor for accessing several OT networks in one sweep.

The development comes a little more than three months after the cybersecurity company disclosed 38 security flaws in the wireless industrial Internet of Things (IIoT) devices that could provide attackers a direct path to internal OT networks and put critical infrastructure at risk.

“As the deployment of IIoT devices becomes more popular, it’s important to be aware that their cloud management platforms may be targeted by threat actors,” security researcher Roni Gavrilov said. “A single IIoT vendor platform being exploited could act as a ‘pivot point’ for attackers, accessing thousands of environments at once.”
