SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Asia
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewall
#
ransomware
Search
Story image
#
Big Data
#
BI
#
Cybersecurity
Claroty Team82 discovers cybersecurity threats to industrial automation systems
Thu, 14th Dec 2023
Author image
By Sean Mitchell, Publisher
Follow us

In a stark display of the ongoing threats to industrial automations, security researchers from Team82 at Claroty have discovered a series of vulnerabilities in popular Operational Technology (OT) protocol clients: the Inductive Automation Ignition and Softing edgeAggregator. Worryingly, the team at Claroty demonstrated how these vulnerabilities could be exploited to gain full control over the clients, including potentially devastating remote code execution capabilities.

Both the Ignition and Softing systems are integral to industrial automation across diverse sectors. Amongst their crucial functions, these OT clients are instrumental in the creation and implementation of automation systems and in the gathering and visualisation of data. Exploitation of these features could therefore have far-reaching and severe repercussions.

By linking various vulnerabilities, the Claroty squad was successful in taking total control of both clients. These vulnerabilities were identified as CVE-2023-27335, CVE-2023-38126, CVE-2023-38125, CVE-2023-38121 and CVE-2023-38124. The experts at Claroty combined 'old' and 'new' attack strategies to reveal zero days in both clients, exploiting the OPC UA client's faith in the data it obtains from the OPC UA server.

Inductive Automation’s Ignition is a software platform for industrial automation and control that is often used in various industrial environments, including manufacturing, oil and gas, and water. When examining Ignition OPC UA client, the researchers discovered that the client displayed an inherent Cross-site Scripting (XSS) vulnerability, arising from incorrect data sanitisation from the OPC UA protocol. The XSS vulnerability was then manipulated to take actions on behalf of the user, leading to code execution.

Softing edgeAggregator presents its users with a platform for efficient data management tailored to handle copious amounts of industrial information from diverse sources. Similar to the Inductive Automation client, Softing edgeAggregator was also found to be susceptible to an XSS attack. Furthermore, the team identified an insecure backup procedure on the Softing server, which allowed attackers to write arbitrary files in arbitrary locations, ultimately culminating in a remote code execution.

These findings are concerning and have wide-ranging implications for the industries reliant on these systems. Be that as it may, the vulnerabilities detected by Team82 have been rectified by both vendors. Softing and Inductive Automation users are being advised to immediately update their installations, applying the necessary patches to shield their systems from these newfound vulnerabilities.

Related stories
Smarttech247 & SentinelOne launch AI-powered cybersecurity for SMEs
GitHub's 2FA initiative helps secure software supply chain
ExtraHop report shows Singapore firms vulnerable to ransomware attacks
Jason Haddix joins Flare as Field Chief Information Security Officer
Ransomware threats escalating in Southeast Asia – report
Top stories
Zscaler introduces enhanced ZDX service for improved IT operations
The importance of cybersecurity training for software developers
HID acknowledged as Leader in Gartner Magic Quadrant for Indoor Location Services
Exclusive: How Darktrace is tackling AI-driven cybersecurity
Record ransomware attacks in March 2024, report finds