Eight new vulnerabilities were recently discovered in the Open Automation Software (OAS) platform that, if exploited, could have caused another supply chain security disaster.
According to Talos, Cisco’s cybersecurity arm, the flaws include two high-severity vulnerabilities – CVE-2022-26833 (severity score 9.4) and CVE-2022-26082 (severity score 9.1) – which can enable threat actors to configure the platform to create new security groups and run arbitrary code.
Various other vulnerabilities discovered on the platform could be abused to send network requests, obtain directory listings, steal passwords, and launch denial-of-service attacks.
Addressing the weaknesses
According to The Register, Cisco has worked with OAS to address the vulnerabilities and issue patches.
Speaking to the publication, Chris Clements, VP of Solutions Architecture at Cerberus Sentinel, described the flaws as “among today’s most formidable cyber security threats”, as OAS is used by most major industry organizations.
Its users include Volvo, General Dynamics and AES, which use it to facilitate data transfer within their IT environments. OAS has been described as essential to the Industrial Internet of Things (IIoT) efforts of these organizations.
“An attacker with the ability to disrupt or modify the functionality of these devices can cause catastrophic damage to important infrastructure facilities, but an attack may be something that may not be immediately apparent,” Clements commented.
He compared the flaws to Stuxnet, a worm more than a decade old that caused serious damage to Iran’s nuclear program. The worm was used to break down some components in nuclear installations that, despite being defective, were reported to be working normally.
What’s more, the affected systems are so important to these companies that many have avoided taking them offline for patching, year after year.
“In some cases, air gaps can be a double-edged sword,” Clements said. “Malicious USB devices have been leveraged several times to spread malware on air-gapped networks, and unless special consideration is given to patching security on isolated networks, the malicious code often finds itself in an environment conducive to exploitation.”
Via The Register