Security News > 2023 > May > Advantech’s industrial serial device servers open to attack
Three vulnerabilities in Advantech's EKI series of serial device servers could be exploited to execute arbitrary commands on the OS level.
Serial device servers are networking devices that "Network-enable" serial devices in an industrial automation environment.
CyberDanube researchers Thomas Weber and Sebastian Dietz have analyzed the firmware of Advantech's EKI-1521-CE, EKI-1522-CE, and EKI-1524-CE series of serial device servers, and unearthed two command injection and one buffer overflow vulnerabilities, all of which can be triggered via POST request.
"The two command injection vulnerabilities are triggered in a similar way. First, an attacker sets the name of the NTP server in the interface and intercepts the HTTP message before it can be sent to the device. Second, an attacker modifies the message by replacing the desired name by a system command, enclosed by";" characters.
The same attack can also be done via the device name, but it requires an additional reboot to trigger the final command execution," the researchers told Help Net Security.
Advantech has confirmed the existence of the vulnerabilities in v1.21 and earlier of the devices' firmware.
News URL
https://www.helpnetsecurity.com/2023/05/15/advantech-vulnerabilities-serial-device-servers/
Related news
- LockBit ransomware returns to attacks with new encryptors, servers (source)
- Crafting Shields: Defending Minecraft Servers Against DDoS Attacks (source)
- 17,000+ Microsoft Exchange servers in Germany are vulnerable to attack, BSI warns (source)
- New HTTP/2 Vulnerability Exposes Web Servers to DoS Attacks (source)
- New HTTP/2 DoS attack can crash web servers with a single connection (source)