VPN vulnerabilities pose serious risk to OT Networks

30 Jul 2020

Researchers from cybersecurity firm Claroty have uncovered vulnerabilities in VPN servers and clients, including Secomea GateManager, Moxa industrial VPN server, and the HMS eWon.

According to the researchers, these products are widely used by water, oil and gas, and electricity providers, and in other places where remote sites demand secure connectivity.

These industries use VPNs to enable remote workers and third parties to connect to customer sites in order to provide monitoring or maintenance to programmable logic controllers, as well as other devices.

The vulnerabilities could enable attackers to take control of VPN servers and clients to gain access to internal, secure networks. Attackers can also slip past perimeter security, leading to a complete security breach.

Furthermore, attackers could potentially decrypt all traffic passing through the organisation’s VPN. 

Claroty researchers share further details about the products and associated vulnerabilities. All respective vendors have now patched the vulnerabilities in their products.

“Claroty says these products are typically offered as white-labelled solutions that companies can purchase for their own use, but because the underlying software is the same in all variations, the vulnerabilities would be common to all.”

Secomea GateManager - CVE-2020-14500

The bug results from improper handling of some of the HTTP request headers provided by the client. Claroty says it could result in a complete security breach that grants full access to a customer’s internal network, along with the ability to decrypt all traffic passing through the VPN.

Moxa industrial VPN server - CVE-2020-14511

Claroty says these industrial VPN routers are widely used across critical infrastructure sectors such as manufacturing, energy and transportation, and are often exposed to the Internet. An attacker could use a specially crafted HTTP request to trigger a stack-based overflow in the system web server and carry out remote code execution without the need for any credentials.

HMS eWon - CVE-2020-14498

eWon is a VPN device that remote clients connect to using a proprietary VPN client called eCatcher, which runs on a PC. Attackers can send a phishing email to the address associated with that PC and compromise eCatcher. If a user opens the email, the attacker can run code with the highest privileges and then compromise the machine.

“With the growth in remote working, Claroty expects to see increased use of these platforms and increased use for security-critical applications. It predicts that these and other vulnerabilities could be exploited by financially motivated attackers to launch DDoS attacks,” the company concludes.
