Security News > 2021 > January > Vulnerabilities Can Allow Hackers to Create Backdoors in Comtrol Industrial Gateways
Several vulnerabilities have been identified in Pepperl+Fuchs Comtrol IO-Link Master industrial gateways, including flaws that researchers claim can be exploited to gain root access to a device and create backdoors.
A researcher at Austria-based cybersecurity consultancy SEC Consult discovered five types of vulnerabilities in Pepperl+Fuchs Comtrol industrial products, including cross-site request forgery, reflected cross-site scripting, blind command injection, and denial-of-service issues.
In an advisory published on January 4, Pepperl+Fuchs said the vulnerabilities can allow remote attackers to gain access to the targeted device, execute "Any program," and obtain information.
Johannes Greil, principal security consultant and head of the SEC Consult Vulnerability Lab, told SecurityWeek that if an attacker can gain access to one of the affected Comtrol devices - for example, by using an XSS attack or password guessing - they may be able to execute commands on the device with root privileges and implement persistent backdoors.
Learn more about vulnerabilities in industrial systems at SecurityWeek's ICS Cyber Security Conference and SecurityWeek's Security Summits virtual event series.
IO-Link is an industrial communications protocol used for digital sensors and actuators.