SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Asia
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewall
#
ransomware
Search
Story image
#
Cybersecurity
#
Ransomware
#
ABB
Claroty's Team82 uncovers new ABB TotalFlow vulnerability
Mon, 14th Nov 2022
FYI, this story is more than a year old
Author image
By Mitchell Hageman, Managing Editor
Follow us

Claroty has uncovered a new vulnerability in ABB TotalFlow flow computers and controllers.

ABB TotalFlow is used within many large oil and gas utilities worldwide to calculate volume and flow rates for oil and gas, which are critical to electric power manufacturing and distribution. They are also used as inputs in other areas, including billing.

Claroty says the new vulnerability gives attackers the ability to gain root access on an ABB flow computer, allowing them to also read and write files and remotely execute code. They say an attacker could exploit a vulnerable system to inject and execute arbitrary code.

Analysis from Claroty's Team82 discovered a high-severity path-traversal vulnerability (CVE-2022-0902) in ABB's TotalFlow Flow Computers and Remote Controllers, where attackers can exploit this flaw to gain root access.

Affected products include, ABB’s RMC-100 (Standard), the RMC-100-LITE, XIO, XFCG5, XRCG5, uFLOG5 and UDC products.

ABB says that it has made a firmware update available that resolves the vulnerability in a number of product versions, and the company also recommends network segmentation as a mitigation tool. Users are also urged to immediately update their firmware to the latest version.

Team82 says the vulnerability's consequences will be similar to those suffered as a result of the Colonial Pipeline breach following its 2021 ransomware attack.

"Team82 focused on ABB flow computers because of their use within many large oil and gas utilities worldwide. We looked for vulnerabilities that could give an attacker the ability to influence measurements by remotely running code of their choice on the device," the reports says.

"As a result, Team82 found a high-severity path-traversal vulnerability (CVE-2022-0902) in ABB's TotalFlow Flow Computers and Remote Controllers. Attackers can exploit this flaw to gain root access on an ABB flow computer, read and write files, and remotely execute code."

The team says that in relation to billing, the flaw could result in extreme consequences. It could also cause a possible shutdown, with both IT and OT systems being affected.

"One other important aspect to the role of flow computers within a utility is billing. The most noteworthy and related security incident was the ransomware attack against Colonial Pipeline, which impacted enterprise systems, and forced the company to shut down production because it could not bill customers," the reports says.

"Disrupting the operation of flow computers is a subtle attack vector that could similarly impact not only IT, but also OT systems; this led us to research the security of these machines."

Related stories
IBM strengthens cyber resilience alliance with Cohesity
Mako boosts defence against cyber attacks with Radware's protection services
Appdome, Atlassian to automate secure mobile app delivery
Cado Security teams up with Wiz to bolster cloud security solutions
Survey finds half of businesses planning to adopt AI
Top stories
Check Point boosts email security with new AI-powered features
SentinelOne makes it to CRN's inaugural AI 100 list
Upwind fortifies Cloud Security Platform with identity security
Singapore firms suffer downtime due to fibre network disruption
Genetec unveils Security Center SaaS for cloud & hybrid deployments