
Users of IoT products from three major vendors at risk of DoS attacks, data leaks

At least nine vulnerabilities in the approach three leading IoT vendors used to implement the open platform communication (OPC) network protocol created conditions that could potentially expose product users to denial-of-service (DoS) attacks, remote code execution, and sensitive data leakage.

The three IoT vendors – Softing Industrial Automation GmbH, Kepware PTC, and Matrikon Honeywell – all provided fixes for their respective products after security firm Claroty privately disclosed them during 2020.

OPC functions as the middleman of operational technology (OT) networks, ensuring operability between industrial control systems (ICS) and proprietary devices, such as programmable logic controllers (PLCs) responsible for the correct operation of field devices. Standardized communication protocols such as OPC and its specifications guarantee that management and oversight of devices and processes can happen from a centralized server.

The researchers urged vulnerable users to update immediately to the latest versions of the affected products. The Industrial Control System Cyber Emergency Response Team (ICS-CERT) also has published advisories, warning users of the affected products about the risks and offering update and mitigation information.

Claroty researchers cautioned the attack surfaces will expand and said organizations must examine their respective implementations for weaknesses. Meanwhile, the security community must also support enhanced security and research into undiscovered vulnerabilities and protocol shortcomings.

Today’s report comes as a significant reminder that industrial control systems rely on software and these systems are open to abuse by cybercriminals, said Joseph Carson, chief security scientist and Advisory chief information security officer at Thycotic.

“For OPC software this means it must be hardened and kept on segmented secure networks with strong privileged access security controls,” Carson said. “A defense-in-depth strategy for ICS is vital to protecting them against unauthorized access so that even when security vulnerabilities are exposed, the risks of abusing them are very limited.”

The vulnerabilities discovered include the following:

Softing Industrial Automation GmbH

CVE-2020-14524: Heap-based buffer overflow (CWE-122)

CVE-2020-14522: Uncontrolled resource consumption (CWE-400)

Kepware PTC

CVE-2020-27265: Stack-based buffer overflow (CWE-121)

CVE-2020-27263: Heap-based buffer overflow (CWE-122)

CVE-2020-27267: Use-after-free (CWE-416)

Matrikon Honeywell OPC DA Tunneler

CVE-2020-27297: Heap overflow due to integer overflow (CWE-122)

CVE-2020-27299: Information leak due to OOB read (CWE-125)

CVE-2020-27274: Improper check for unusual or exceptional conditions (CWE-754)

CVE-2020-27295: Uncontrolled resource consumption (CWE-400)
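Several of the entries above are the same bug class, a length check that can be defeated by integer wraparound before a heap copy (CWE-122 via integer overflow, and CWE-754 improper checks). The following is an added illustration, written for this article and not code from Claroty or any of the three vendors: a constructed length-prefixed frame parser of the kind many request/response protocols use, showing the weak arithmetic check beside the hardened one that also ties the declared length to the bytes actually received. The frame layout, the HDR_LEN constant and the function names are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed frame format for this example (not any vendor's protocol):
   [ 4-byte big-endian payload length | payload bytes ]. */
#define HDR_LEN 4u

static uint32_t read_be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Weak check: HDR_LEN + declared_len is computed in 32 bits, so a declared
   length near UINT32_MAX wraps to a tiny total and passes the bound, while a
   following malloc(total)/memcpy(declared_len) would write far past the heap
   block. Only the verdict is returned here so the example runs safely. */
int weak_length_check(uint32_t declared_len, uint32_t max_frame) {
    uint32_t total = HDR_LEN + declared_len;   /* wraps when declared_len >= 0xFFFFFFFC */
    return total <= max_frame;
}

/* Hardened check: compare by subtraction (cannot wrap) and refuse any
   declared length that exceeds the bytes actually on the wire. */
int safe_length_check(uint32_t declared_len, uint32_t max_frame, size_t received) {
    if (max_frame < HDR_LEN || received < HDR_LEN) return 0;
    if (declared_len > max_frame - HDR_LEN) return 0;      /* over policy limit */
    if ((size_t)declared_len > received - HDR_LEN) return 0; /* truncated frame */
    return 1;
}

/* Parse one frame from a received buffer using the hardened check.
   Returns the payload length copied into *out (caller frees), or -1 if the
   frame is rejected. */
long parse_frame(const uint8_t *buf, size_t received, uint32_t max_frame, uint8_t **out) {
    if (received < HDR_LEN) return -1;
    uint32_t len = read_be32(buf);
    if (!safe_length_check(len, max_frame, received)) return -1;
    uint8_t *payload = malloc(len ? len : 1);
    if (!payload) return -1;
    memcpy(payload, buf + HDR_LEN, len);
    *out = payload;
    return (long)len;
}

/* Well-formed constructed frame: length 3, payload "abc". */
long demo_parse_ok(void) {
    const uint8_t frame[] = {0x00, 0x00, 0x00, 0x03, 'a', 'b', 'c'};
    uint8_t *out = NULL;
    long n = parse_frame(frame, sizeof frame, 4096, &out);
    if (n == 3 && memcmp(out, "abc", 3) != 0) n = -2;
    free(out);
    return n;
}

/* Hostile constructed frame: declared length 0xFFFFFFFE with 3 payload bytes.
   The weak check would accept it (4 + 0xFFFFFFFE wraps to 2); parse_frame must reject. */
long demo_parse_reject(void) {
    const uint8_t frame[] = {0xFF, 0xFF, 0xFF, 0xFE, 'a', 'b', 'c'};
    uint8_t *out = NULL;
    long n = parse_frame(frame, sizeof frame, 4096, &out);
    free(out);
    return n;
}

int main(void) {
    printf("weak check on 0xFFFFFFFE: %d (1 = wrongly accepted)\n",
           weak_length_check(0xFFFFFFFEu, 4096));
    printf("hardened parse of good frame: %ld\n", demo_parse_ok());
    printf("hardened parse of hostile frame: %ld\n", demo_parse_reject());
    return 0;
}
```

The subtraction form is the part worth copying: once `max_frame >= HDR_LEN` is established, `declared_len > max_frame - HDR_LEN` cannot wrap, whereas the additive form silently does. Checking against `received` as well covers the separate failure of trusting a header that promises more bytes than arrived, which is the out-of-bounds read case (CWE-125) rather than the overflow.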
