Researchers at an Israeli operational technology (OT) company have discovered multiple critical vulnerabilities in two popular industrial remote access software solutions.
The flaws can be exploited to access industrial production floors, break into company networks, tamper with data, or steal highly sensitive trade secrets.
Researchers at Otorio discovered the vulnerabilities in remote access systems made by Austrian automation and process control technology company B&R Automation and in mbConnect24 software made by German company mbConnect Line.
Otorio, which is headquartered in Tel Aviv, delivers next-generation secured OT, IoT, and industrial control systems (ICS) security, as well as digital risk management solutions.
Six critical flaws affecting B&R Automation were identified in the company’s SiteManager and GateManager software that form part of the company’s Secure Remote Maintenance Suite. mbConnect’s mbConnect24 is used mostly for remote connection to industrial assets.
Describing the importance of the systems in which the flaws were spotted, Otorio stated: “These systems allow operations professionals access to manage, service and maintain industry machines remotely from anywhere in the world. Together, they serve thousands of sites in industries such as automotive, energy, oil & gas, metal, packaging, maritime and more.”
Otorio announced the flaws earlier today. Details of the vulnerabilities are now available on the US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency’s website.
Researchers noted that by exploiting the B&R flaws, an attacker who has gained authorized access to the B&R solution (for example, by simply acquiring a legitimate general license, available to anyone) can view sensitive information about other users whose information resides on the same server.
This information, which may include data regarding assets, processes, and other sensitive items, could be used by attackers to target other organizations and their industrial systems.
Worryingly, exploitation of the flaws could also cause all operations to cease. Otorio stated: “The attacker can also trigger a repeated restart of both the GateManager and the SiteManager, leading eventually to a loss of availability and halt production.”
The vulnerabilities found in a highly accessible zone of mbConnect24 have since been fixed by the company in newer versions of the product. They allowed an attacker to leverage a vulnerable, outdated library to upload crafted authentication files.