Security News > 2023 > May > Advantech’s industrial serial device servers open to attack
Three vulnerabilities in Advantech's EKI series of serial device servers could be exploited to execute arbitrary commands on the OS level.
Serial device servers are networking devices that "Network-enable" serial devices in an industrial automation environment.
CyberDanube researchers Thomas Weber and Sebastian Dietz have analyzed the firmware of Advantech's EKI-1521-CE, EKI-1522-CE, and EKI-1524-CE series of serial device servers, and unearthed two command injection and one buffer overflow vulnerabilities, all of which can be triggered via POST request.
"The two command injection vulnerabilities are triggered in a similar way. First, an attacker sets the name of the NTP server in the interface and intercepts the HTTP message before it can be sent to the device. Second, an attacker modifies the message by replacing the desired name by a system command, enclosed by";" characters.
The same attack can also be done via the device name, but it requires an additional reboot to trigger the final command execution," the researchers told Help Net Security.
Advantech has confirmed the existence of the vulnerabilities in v1.21 and earlier of the devices' firmware.
News URL
https://www.helpnetsecurity.com/2023/05/15/advantech-vulnerabilities-serial-device-servers/
Related news
- Critical RCE bug in VMware vCenter Server now exploited in attacks (source)
- New NachoVPN attack uses rogue VPN servers to install malicious updates (source)
- Russian hackers hijack Pakistani hackers' servers for their own attacks (source)
- Russian hackers hijack Pakistani hackers' servers for their own attacks (source)