Security News > 2022 > May > Critical Flaws in Popular ICS Platform Can Trigger RCE

Critical Flaws in Popular ICS Platform Can Trigger RCE
2022-05-27 10:32

Critical flaws in a popular platform used by industrial control systems that allow for unauthorized device access, remote code execution or denial of service could threaten the security of critical infrastructure.

The OAS Platform is widely used in systems in which a range of disparate devices and software need to communicate, which is why it's often found in ICS to connect industrial and IoT devices, SCADA systems, network points, and custom apps and APIs, among other software and hardware.

The OAS Platform's presence in these systems is why the flaws can be incredibly dangerous, observed one security professional, noting that these devices are often those responsible for the operation of highly sensitive processes involved in critical industries like utilities and manufacturing.

"An attacker with the ability to disrupt or alter the function of those devices can inflict catastrophic damage on critical infrastructure facilities," Chris Clements, vice president of solutions architecture at security firm Cerberus Sentinel, wrote in an email to Threatpost.

Of the flaws in OAS discovered by Cisco Talos, the one with the most critical rating on the CVSS is being tracked as CVE-2022-26833, or TALOS-2022-1513.

Affected users also can mitigate the flaws by ensuring that proper network segmentation is in place which will give adversaries a low level of access to the network on which the OAS Platform communicates, researchers noted.


News URL

https://threatpost.com/critical-flaws-in-popular-ics-platform-can-trigger-rce/179750/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2022-05-25 CVE-2022-26833 Unspecified vulnerability in Openautomationsoftware OAS Platform 16.00.0112
An improper authentication vulnerability exists in the REST API functionality of Open Automation Software OAS Platform V16.00.0121.
network
low complexity
openautomationsoftware
critical
9.4