
Tuesday, December 7, 2021

Security Advisory on WebHMI Vulnerabilities Released by CISA


CISA's Industrial Control Systems (ICS) advisory explains how vulnerabilities in Distributed Data Systems WebHMI products can be exploited.

A remote attacker could use these flaws to take control of a vulnerable system.

CISA advises users and administrators to read ICS advisory ICSA-21-336-03, Distributed Data Systems WebHMI, for more information and to take the appropriate precautions.

Distributed Data Systems WebHMI ICS Advisory (ICSA-21-336-03)

1. EXECUTIVE SUMMARY

CVSS v3 10.0

ATTENTION: Remotely exploitable/low attack complexity

Vendor: Distributed Data Systems

Equipment: WebHMI

Vulnerabilities: Authentication Bypass by Primary Weakness, Unrestricted Upload of File with Dangerous Type

2. RISK ANALYSIS

Successful exploitation of these flaws could allow remote code execution with root access and administrator account login without password authentication.

3. TECHNICAL INFORMATION

3.1 PRODUCTS AFFECTED

WebHMI, a SCADA system with built-in web server functionality, is affected in the following versions:

All versions prior to 4.1

3.2 OVERVIEW OF VULNERABILITY

3.2.1 AUTHENTICATION BYPASS BY PRIMARY WEAKNESS CWE-305

Although the authentication algorithm is sound, the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.

3.2.2 UNRESTRICTED UPLOAD OF FILE WITH DANGEROUS TYPE CWE-434

The software allows attackers to upload or transfer files of dangerous types that can be automatically processed within the product's environment.

3.3 BACKGROUND

CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing

COUNTRIES/AREAS DEPLOYED: Germany, Poland, Ukraine, and the United States

COMPANY HEADQUARTERS LOCATION: Ukraine

3.4 RESEARCHER

Marcin Dudek of CERT.PL disclosed these flaws to CISA.

4. MITIGATIONS

Distributed Data Systems recommends upgrading the platform software to the most recent release, Version 4.1.

CISA advises users to take defensive actions to reduce the chance of these vulnerabilities being exploited. In particular, users should:

All control system devices and/or systems should have as little network exposure as possible, and they should not be accessible from the Internet.

Isolate control system networks and remote devices from the corporate network by placing them behind firewalls.

When remote access is essential, employ secure means such as Virtual Private Networks (VPNs), keeping in mind that VPNs may contain vulnerabilities and should be updated to the latest version available. Also keep in mind that a VPN is only as safe as the devices it connects to.

Reference article: CISA Releases Security Advisory on WebHMI Vulnerabilities
