Security News > 2023 > June > High-risk vulnerabilities patched in ABB Aspect building management system
Prism Infosec has identified two high-risk vulnerabilities within the Aspect Control Engine building management system developed by ABB. ABB's Aspect BMS enables users to monitor a building's performance and combines real-time integrated control, supervision, data logging, alarming, scheduling and network management functions with internet connectivity and web serving capabilities.
During a recent security testing engagement on behalf of a client, researchers discovered an ABB Aspect appliance and that the BMS was misconfigured to be publicly available over the internet.
The team gained initial access to the administrative interface by using the default credentials documented in the Aspect Control Engine's publicly available user manual.
The team then found that the Network Diagnostic function of the Aspect appliance was vulnerable to RCE which allowed them to gain access via a reverse-shell to the underlying Linux OS and associated internal network infrastructure.
Researchers then identified an unintended privilege escalation vulnerability built into the underlying operating system of the ABB appliance, which would allow the user to escalate their access privileges to a root-level account.
"We informed the client of our findings and disclosed the software vulnerabilities to ABB shortly after. It was impressive how quickly both parties acknowledged and acted upon these issues, from the client ensuring these access levels were disabled to ABB patching and releasing an update and advisory to their clients. It goes to show how well responsible disclosure can work when consultants and vendors are both on the same page and put security first," said Phil Robinson, Principal Consultant and Founder of Prism Infosec.
News URL
https://www.helpnetsecurity.com/2023/06/07/cve-2023-0635-cve-2023-0636/