Critical Infrastructure at Risk from New Vulnerabilities Found in Wireless IIoT Devices

February 9, 2023 | Rabbi Lakshmanan | Network Security / IoT Security


A set of 38 security vulnerabilities has been discovered in wireless Industrial Internet of Things (IIoT) devices from four different vendors. Together they can present a significant attack surface for threat actors looking to exploit operational technology (OT) environments.

“Threat actors can exploit vulnerabilities in wireless IIoT devices to gain initial access to internal OT networks,” says Israeli industrial cybersecurity firm Otorio. “They can use these vulnerabilities to bypass security layers and infiltrate target networks, compromising critical infrastructure or disrupting production.”

Simply put, the vulnerabilities provide a remote entry point for attacks, allowing unauthenticated adversaries to gain a foothold and use it to spread to other hosts and cause significant damage.

According to security researcher Roni Gavrilov, some of the identified shortcomings may be chained together, allowing outside actors to directly access thousands of internal OT networks over the Internet.

Of the 38 flaws, three affect ETIC Telecom’s Remote Access Server (RAS) (CVE-2022-3703, CVE-2022-41607, and CVE-2022-40981) and can be abused to take complete control of vulnerable devices.

Five other vulnerabilities related to InHand Networks’ InRouter 302 and InRouter 615 can lead to command injection, information disclosure, and code execution when exploited.

Specifically, this involves taking advantage of issues in the “device manager” cloud platform, which allows operators to perform remote actions such as configuration changes and firmware upgrades, to compromise all cloud-managed InRouter devices with root privileges.

Two vulnerabilities (CVE-2022-46649 and CVE-2022-46650) have also been identified in the Sierra Wireless AirLink Router, potentially allowing loss of sensitive information and remote code execution. The remaining flaws are still under responsible disclosure.

The findings highlight how OT networks can be compromised by allowing IIoT devices to be directly accessible over the internet.

Alternatively, local attackers can target on-site Wi-Fi or cellular channels to compromise industrial Wi-Fi access points and cellular gateways, which may lead to potentially damaging adversary-in-the-middle (AitM) scenarios.

Attacks range from targeting weak cryptography to coexistence attacks targeting combo chips widely used in electronic devices.

To accomplish this, attackers can leverage platforms such as WiGLE (a database of wireless hotspots around the world) to identify high-value industrial environments, physically locate them, and exploit their access points from close proximity, Otorio said.

As countermeasures, it is recommended to disable insecure encryption schemes, hide Wi-Fi network names, disable unused cloud management services, and take steps to prevent devices from being exposed.

“The low exploit complexity and wide potential impact make wireless IIoT devices and their cloud-based management platforms attractive targets for attackers seeking to penetrate industrial environments,” the company said.

The development comes as Otorio also revealed details of two critical flaws in the Siemens Automation License Manager (CVE-2022-43513 and CVE-2022-43514). These flaws can be combined to remotely execute code and elevate privileges. The bugs were patched by Siemens in January 2023.
