Critical Security Flaws Uncovered in Honeywell Experion DCS and QuickBlox Services

July 14, 2023 | THN | Vulnerability / Cyber Threat

Multiple security vulnerabilities have been discovered in various services, such as the Honeywell Experion Distributed Control System (DCS) and QuickBlox, which, if successfully exploited, could result in a significant compromise of the affected system.

Nine flaws in the Honeywell Experion DCS platform, dubbed Crit.IX, allow for “unauthorized remote code execution, which means that an attacker can hijack a device and have the power to change the behavior of the DCS controller while hiding the changes from the engineering workstation that manages the controller,” Armis said in a statement shared with The Hacker News.

In other words, the problem stems from the lack of encryption and proper authentication in the proprietary Control Data Access (CDA) protocol used for communication between the Experion server and the C300 controller, which effectively allows threat actors to take over the device and alter the operation of the DCS controller.

“As a result, anyone with access to the network can impersonate both the controller and the server,” said Tom Gol, research CTO at Armis. “Furthermore, the CDA protocol has design flaws that make it difficult to control data boundaries, and buffers can overflow.”

In a related development, Check Point and Claroty discovered a critical flaw in a chat and video calling platform known as QuickBlox, widely used in telemedicine, finance, and smart IoT devices. The vulnerability could allow an attacker to leak user databases from many popular applications that incorporate the QuickBlox SDK and API.

This includes Rozcom, an Israeli vendor that sells residential and commercial intercoms. “Upon closer inspection of the mobile app, we discovered additional bugs (CVE-2023-31184 and CVE-2023-31185) that allowed us to download the entire user database, impersonate any user, and launch a full account takeover attack.”

“As a result, we were able to hijack all Rozcom intercom devices, giving us complete control, allowing us to access the devices’ cameras and microphones, eavesdrop on feeds, and open doors controlled by the devices,” the researchers said.

Also disclosed this week were remote code execution flaws affecting Aerohive/Extreme Networks access points running HiveOS/Extreme IQ Engine prior to version 10.6r2, and a flaw in the open source Ghostscript library (CVE-2023-36664, CVSS score: 9.8) that could lead to execution of arbitrary commands.


“Ghostscript is a widely used package, but not necessarily widely known,” says Kroll researcher Dave Truman. “This could be done in a number of ways, from opening the file in a vector graphics editor such as Inkscape, to printing the file via CUPS. This means it is not limited to one application, nor will it be immediately apparent.”

Rounding out the list is the discovery of hardcoded credentials in a Technicolor TG670 DSL gateway router that could be weaponized by an authenticated user to gain full administrative control of the device.

“A remote attacker could use a default username and password to log into the router device as an administrator,” the CERT/CC said in its advisory. “This allows attackers to change the router’s administrative settings and use it in unexpected ways.”

Users are advised to disable remote management of their devices to prevent potential exploit attempts and check with their service provider for the availability of appropriate patches and updates.
