Detailed: Critical hijacking bugs that took months to patch in Microsoft Azure Defender for IoT
SentinelOne this week detailed a handful of bugs, including two critical remote code execution vulnerabilities, it found in Microsoft Azure Defender for IoT. These security flaws, which took six months to address, could have been exploited by an unauthenticated attacker to compromise devices and take over critical infrastructure networks.
Microsoft Azure Defender for IoT is supposed to detect and respond to suspicious behavior as well as highlight known vulnerabilities, and manage patching and equipment inventories, for Internet-of-Things and industrial control systems.
"Successful attack may lead to full network compromise, since Azure Defender For IoT is configured to have a TAP on the network traffic," according to a technical analysis by SentinelLabs' Kasif Dekel and independent researcher Ronen Shustin.
Two of the critical bugs in Defender for IoT, CVE-2021-42311 and CVE-2021-42313, were SQL injection vulnerabilities and both received a perfect 10 out of 10 score in terms of severity.
CVE-2021-42310, which is ranked as a high-severity vulnerability, targets the Defender for IoT device password recovery mechanism.
While none of these bugs were exploited beyond SentinelLabs' proof-of-concept code, these vulnerabilities are "Particularly concerning when it comes to IoT and OT devices that have little to no defenses and depend entirely on these vulnerable platforms for their security posture," the analysis warned.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/03/30/sentinelone_microsoft_azure_iot/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-12-15 | CVE-2021-42313 | SQL Injection vulnerability in Microsoft Defender for IoT / Microsoft Defender for IoT Remote Code Execution Vulnerability | 10.0 |
2021-12-15 | CVE-2021-42311 | SQL Injection vulnerability in Microsoft Defender for IoT / Microsoft Defender for IoT Remote Code Execution Vulnerability | 10.0 |
2021-12-15 | CVE-2021-42310 | Unspecified vulnerability in Microsoft Defender for IoT / Microsoft Defender for IoT Remote Code Execution Vulnerability | 9.8 |