HomeMalware & ThreatsRemote Exploitation of Industrial Switch Vulnerabilities

Remote Exploitation of Industrial Switch Vulnerabilities

Published on

spot_img

Researchers from Claroty’s Team82 recently discovered three critical vulnerabilities in industrial network switches, urging users to update their firmware to avoid potential exploitation by attackers. The vulnerabilities were found in WGS-804HPT switches manufactured by Planet Technology, which are commonly used in building and home automation networks to facilitate connectivity for IoT systems, IP surveillance cameras, and wireless LAN applications. These flaws could potentially allow attackers to gain remote control over automation systems, IoT devices, and surveillance networks.

Upon investigating the switches, Team82 identified multiple vulnerabilities in the web-based management interface, specifically in the dispatcher.cgi component. One of the vulnerabilities, tracked as CVE-2024-48871, is a stack-based buffer overflow with a CVSS score of 9.8, enabling remote code execution. The second flaw, CVE-2024-52320, also with a CVSS score of 9.8, involves an operating system command injection vulnerability that allows unauthenticated attackers to execute arbitrary commands. The third vulnerability, CVE-2024-52558, with a CVSS score of 5.3, is an integer underflow flaw that can crash the device using malformed HTTP requests, leading to service disruptions.

These findings highlight the risks associated with unpatched devices in critical automation networks, as attackers could exploit these vulnerabilities to gain unauthorized access, disrupt operations, or execute arbitrary commands on the compromised devices. It is crucial for users of these switches to apply the firmware update provided by Planet Technology to mitigate these security risks effectively.

The vulnerabilities in the dispatcher.cgi component were a result of improper input validation mechanisms, allowing attackers to bypass authentication checks and execute malicious commands with root privileges. Additionally, the lack of sanitization of user-supplied data made the switch susceptible to reflected cross-site scripting attacks, potentially compromising the sessions of authenticated administrators.

To address these vulnerabilities, Planet Technology released a patched firmware update in response to Claroty’s report. Team82 replicated the switch’s architecture to create a controlled environment for dissecting the firmware and identifying the critical flaws. The researchers emphasized the importance of regularly updating firmware and implementing security best practices to protect industrial network devices from potential cyber threats.

Overall, the discovery of these vulnerabilities underscores the need for robust cybersecurity measures in industrial networks to prevent unauthorized access and ensure the integrity and security of critical infrastructure. By staying vigilant and proactive in addressing security vulnerabilities, organizations can effectively safeguard their operational technology systems from potential cyber attacks.

Source link

Latest articles

Parrot 7.3 Released with New Menu System and Improved Daily Usability

Parrot 7.3 Released: A Focus on Refinement and Usability In a strategic move, the Parrot...

How Renown Health Is Transforming Its Digital ID Strategy

Renown Health Innovates Digital Identity Management with Advanced Security Measures Renown Health, a prominent not-for-profit...

Medtronic Breach Affects 3.8 Million Individuals

Medtronic, one of the leading medical technology manufacturers globally, has recently taken steps to...

Ransomware Groups Adopt Citrix Bleed 2, BYOVD, and Supply Chain Credentials

Anubis Ransomware Operation: Exploiting Vulnerabilities for Malicious Gains The Anubis ransomware operation has recently been...

More like this

Parrot 7.3 Released with New Menu System and Improved Daily Usability

Parrot 7.3 Released: A Focus on Refinement and Usability In a strategic move, the Parrot...

How Renown Health Is Transforming Its Digital ID Strategy

Renown Health Innovates Digital Identity Management with Advanced Security Measures Renown Health, a prominent not-for-profit...

Medtronic Breach Affects 3.8 Million Individuals

Medtronic, one of the leading medical technology manufacturers globally, has recently taken steps to...