HomeCyber BalkansSecurity Flaws in Honeywell VirtualUOC Can Allow Remote Code Execution

Security Flaws in Honeywell VirtualUOC Can Allow Remote Code Execution

Published on

spot_img

Team82 uncovered critical vulnerabilities in Honeywell’s ControlEdge Virtual Unit Operations Center (UOC), which has raised concerns about the security of industrial control systems (ICS). The vulnerabilities were found within the EpicMo protocol implementation, allowing potential attackers to execute remote code without authentication.

Honeywell’s proprietary communication protocol, EpicMo, is utilized to debug and diagnose Honeywell controllers. Operating over TCP port 55565, the protocol includes various function codes like ReadMemory, WriteMemory, Reboot, and ReadCrashBlock. However, Team82’s research revealed undocumented functions within the protocol that could be exploited to write files on Virtual UOC controllers without proper sanitation.

One of the most critical vulnerabilities identified is CVE-2023-5389, stemming from the LoadFileToModule function within the EpicMo protocol. This function enables users to write files to the controller without proper validation, potentially leading to remote code execution. Exploiting this vulnerability requires sending a series of packets to the controller to initiate the file write, followed by data packets, and concluding with a final command to signal the end of the upload.

By overwriting a system-shared object file with a malicious payload, an attacker could achieve code execution upon the controller’s reboot. Another vulnerability, CVE-2023-5390, was also identified in the EpicMo protocol, with fewer specific details but a moderate severity score of 5.3 in the CVSS v3 rating. These vulnerabilities underscore the risks associated with proprietary protocols in industrial environments.

In response to these findings, Honeywell has updated the Virtual UOC to address the vulnerabilities, and the Cybersecurity Infrastructure & Security Agency (CISA) has issued an advisory urging users to update to the latest versions. While Honeywell’s swift action is commendable, it serves as a reminder of the critical importance of robust security measures in industrial control systems.

The discovery of vulnerabilities in the Virtual UOC emphasizes the need for continuous security assessments and updates in industrial environments. As proprietary protocols like EpicMo are crucial for the operation of ICS, ensuring their security is vital to safeguard industrial processes from manipulation or disruption. Users of Honeywell’s Virtual UOC are advised to update their systems promptly and remain vigilant against potential threats.

Overall, the vulnerabilities found in Honeywell’s ControlEdge Virtual UOC highlight the ongoing challenges in securing industrial control systems and reinforce the need for strong cybersecurity practices in critical infrastructure. Continuous monitoring, timely updates, and user awareness play crucial roles in mitigating the risks posed by such vulnerabilities and protecting industrial operations from potential cyber threats.

Source link

Latest articles

Proton Introduces Business Continuity Service to Ensure Communication During Outages

Swiss encrypted communications provider Proton has recently introduced a dedicated business continuity service aimed...

Surge in Compromised Logins Becomes the Primary Entry Point for Ransomware

Identity-Based Attacks: A Growing Threat in Cybersecurity Identity-based attacks and the exploitation of compromised credentials...

US Launches AI-Powered Gold Eagle Cybersecurity Group

White House Establishes Gold Eagle: A New Initiative in Cybersecurity Collaboration In a significant move...

OkoBot Malware Exploits ClickFix and SeedHunter to Steal Seed Phrases from Ledger and Trezor Devices

A newly identified malware framework known as OkoBot has emerged, specifically targeting cryptocurrency users...

More like this

Proton Introduces Business Continuity Service to Ensure Communication During Outages

Swiss encrypted communications provider Proton has recently introduced a dedicated business continuity service aimed...

Surge in Compromised Logins Becomes the Primary Entry Point for Ransomware

Identity-Based Attacks: A Growing Threat in Cybersecurity Identity-based attacks and the exploitation of compromised credentials...

US Launches AI-Powered Gold Eagle Cybersecurity Group

White House Establishes Gold Eagle: A New Initiative in Cybersecurity Collaboration In a significant move...