Security News > 2020 > July > Industrial VPN Flaws Could Let Attackers Target Critical Infrastructures
Cybersecurity researchers have discovered critical vulnerabilities in industrial VPN implementations primarily used to provide remote access to operational technology networks that could allow hackers to overwrite data, execute malicious code, and compromise industrial control systems.
A new report published by industrial cybersecurity company Claroty demonstrates multiple severe vulnerabilities in enterprise-grade VPN installations, including Secomea GateManager M2M Server, Moxa EDR-G902, and EDR-G903, and HMS Networks eWon's eCatcher VPN client.
The critical flaw, identified as CVE-2020-14500, affects the GateManager component, the main routing instance in the Secomea remote access solution.
This flaw can be exploited remotely and without requiring any authentication to achieve remote code execution, which could result in gaining full access to a customer's internal network, along with the ability to decrypt all traffic that passes through the VPN. In Moxa EDR-G902 and EDR-G903 industrial VPN servers, researchers discovered a stack-based buffer overflow bug in the system web server that can be triggered just by sending a specially crafted HTTP request, eventually allowing attackers to carry out remote code execution without the need for any credentials.
Claroty researchers also tested HMS Networks' eCatcher, a proprietary VPN client that connects to the company's eWon VPN device, and found that the product is vulnerable to a critical stack-based buffer overflow that can be exploited to achieve remote code execution.
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/YjCmQJU7by4/industrial-vpn-security.html
Related news
- SOCI Act 2024: Thales Report Reveals Critical Infrastructure Breaches in Australia (source)
- Food security: Accelerating national protections around critical infrastructure (source)
- SANS Institute Unveils Critical Infrastructure Strategy Guide for 2024: A Call to Action for Securing ICS/OT Environments (source)
- Russian military hackers linked to critical infrastructure attacks (source)
- 80% of Critical National Infrastructure Companies Experienced an Email Security Breach in Last Year (source)
- Despite Russia warnings, Western critical infrastructure remains unprepared (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-08-25 | CVE-2020-14500 | NULL Pointer Dereference vulnerability in Secomea Gatemanager 8250 Firmware 9.2C Secomea GateManager all versions prior to 9.2c, An attacker can send a negative value and overwrite arbitrary data. | 7.5 |