CISA's Industrial Control Systems (ICS) advisory describes vulnerabilities in Distributed Data Systems WebHMI products.
A remote attacker could use these flaws to take control of a vulnerable system.
CISA advises users and administrators to read ICS advisory ICSA-21-336-03 Distributed Data Systems WebHMI for more information and to apply the recommended mitigations.
Distributed Data Systems WebHMI ICS Advisory (ICSA-21-336-03)
1. EXECUTIVE SUMMARY
CVSS v3 10.0
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Distributed Data Systems
Equipment: WebHMI
Vulnerabilities: Authentication Bypass by Primary Weakness, Unrestricted Upload of File with Dangerous Type
2. RISK ANALYSIS
Successful exploitation of these flaws could allow an attacker to log in to the administrator account without password authentication and to execute code remotely with root access.
3. TECHNICAL INFORMATION
3.1 PRODUCTS AFFECTED
The following versions of WebHMI, a SCADA system with built-in web server functionality, are affected:
All versions prior to 4.1
3.2 OVERVIEW OF VULNERABILITY
3.2.1 AUTHENTICATION BYPASS BY PRIMARY WEAKNESS CWE-305
Although the authentication algorithm is sound, the implemented mechanism can be bypassed through a separate weakness that lies outside the authentication algorithm itself.
3.2.2 UNRESTRICTED UPLOAD OF FILE WITH DANGEROUS TYPE CWE-434
The software allows attackers to upload or transfer files of dangerous types, which are then processed automatically.
3.3 BACKGROUND
CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing
COUNTRIES/AREAS DEPLOYED: Germany, Poland, Ukraine, and the United States
COMPANY HEADQUARTERS LOCATION: Ukraine
3.4 RESEARCHER
Marcin Dudek of CERT.PL reported these flaws to CISA.
4. RECOMMENDED ACTIONS
Distributed Data Systems recommends upgrading the platform software to the most recent release, Version 4.1.
CISA advises users to take defensive actions to reduce the chance of these vulnerabilities being exploited. In particular, users should:
Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the Internet.
Place control system networks and remote devices behind firewalls, and isolate them from the corporate network.
When remote access is essential, use secure methods such as Virtual Private Networks (VPNs), keeping in mind that VPNs may contain vulnerabilities and should be updated to the latest version available. Also keep in mind that a VPN is only as secure as the devices it connects to.
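The script below is an added example, not part of the CISA advisory or any vendor tooling. It triages an asset inventory against the two checks above: version prior to 4.1, and an address outside private space. The inventory format, field names, hostnames, addresses and version strings are all constructed assumptions.

```python
import ipaddress
import re

FIXED = (4, 1)  # advisory: all versions prior to 4.1 are affected
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample inventory. 203.0.113.0/24 is a documentation range
# standing in for a public address; version strings are illustrative only.
INVENTORY = [
    {"host": "hmi-plant-a", "ip": "10.20.0.15",   "version": "4.0.7370"},
    {"host": "hmi-plant-b", "ip": "203.0.113.7",  "version": "3.9"},
    {"host": "hmi-lab",     "ip": "192.168.1.50", "version": "4.1"},
    {"host": "hmi-remote",  "ip": "203.0.113.80", "version": "v4.10.2"},
    {"host": "hmi-unknown", "ip": "172.16.3.9",   "version": "n/a"},
]

def parse_version(text):
    """Return (major, minor) as integers, or None if no version is present."""
    m = re.match(r"\s*v?(\d+)\.(\d+)", text or "", re.IGNORECASE)
    return (int(m.group(1)), int(m.group(2))) if m else None

def is_internal(ip):
    """True only when the address sits in RFC 1918 private space."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)

def triage(inventory):
    """Map each host to: upgrade, upgrade+isolate, isolate, ok or verify-version."""
    findings = {}
    for asset in inventory:
        version = parse_version(asset["version"])
        exposed = not is_internal(asset["ip"])
        if version is None:
            status = "verify-version"   # unknown build: check by hand
        elif version < FIXED:           # tuple compare, so 4.10 > 4.1
            status = "upgrade+isolate" if exposed else "upgrade"
        else:
            status = "isolate" if exposed else "ok"
        findings[asset["host"]] = status
    return findings

if __name__ == "__main__":
    for host, status in triage(INVENTORY).items():
        print(f"{host:12} {status}")
```

A private address does not prove a device is unreachable from the Internet (port forwarding and NAT rules can still expose it), so "ok" here means only that neither check fired.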
Reference article: CISA Releases Security Advisory on WebHMI Vulnerabilities