Critical Flaws Discovered in Popular Industrial Remote Access Systems
2020-10-01 01:29

Cybersecurity researchers have found critical security flaws in two popular industrial remote access systems that can be exploited to block access to industrial production floors, hack into company networks, tamper with data, and even steal sensitive business secrets.

The flaws, discovered by Tel Aviv-based OTORIO, were identified in B&R Automation's SiteManager and GateManager, and MB Connect Line's mbCONNECT24, two popular remote maintenance tools used in the automotive, energy, oil & gas, metal, and packaging sectors to connect to industrial assets from anywhere in the world.

MymbCONNECT24 and mbCONNECT24 versions v2.6.1 and prior have been found vulnerable to four different security issues that could make it possible for a logged-in attacker to access arbitrary information via SQL injection, steal session details by carrying out a cross-site request forgery attack with merely a specially crafted link, and leverage outdated and unused third-party libraries bundled with the software to gain remote code execution.

Although these flaws have since been fixed, the development is another reminder of how weaknesses in remote access solutions can have destructive consequences for critical infrastructure.

"When remote access is required, use secure methods, such as Virtual Private Networks, recognizing that VPNs may have vulnerabilities and should be updated to the most current version available," the agency cautioned.


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/bj3b3xlIG7o/industrial-remote-access.html