Seven previously unknown Zero Day vulnerabilities in Moxa’s ThingsPro Suite, an Industrial Internet of Things (IIoT) platform, have been identified and patched.
All vulnerabilities identified were reported to and patched by Moxa, said researchers at Kaspersky Lab.
Some of the vulnerabilities could potentially allow attackers to gain highly privileged access to industrial IoT gateways and execute deadly commands, Kaspersky researchers said. While platforms like ThingsPro Suite are useful for easing IIoT integration and maintenance, they can also be dangerous unless they are developed and integrated with adequate security considerations in mind, the researchers said.
Because such solutions work as a connecting point between the IT and OT (Operational Technology) security domains, vulnerabilities found in them can potentially allow attackers to gain access to an industrial network.
“An important argument in favor of our choice was the fact that using ThingsPro Suite requires the solution to be remotely available over the Internet, because ThingsPro Suite is designed for Moxa’s UC-8100 Series industrial gateway computers and its platform is controlled via a web interface,” said Alexander Nochvay, a security researcher at Kaspersky Lab’s ICS-CERT, in a report. “In addition, when using ThingsPro Suite, most devices transfer data either directly via the platform or through an intermediary, such as another gateway. This means that ThingsPro Suite is an exit point from the industrial network to the internet and, conversely, an entry point from the internet into the industrial network.”
Throughout a two-week period, Kaspersky researchers conducted a preconceptual study of the product, testing it for vulnerabilities that could be exploited remotely. As a result, seven Zero Day vulnerabilities were found.
One of the most severe could allow a remote attacker to execute any command on the target IIoT gateway. Another vulnerability made it possible for attackers to gain root privileges, providing the ability to change the device’s configuration.
In addition, its exploitation could be automated, meaning cybercriminals could automatically compromise multiple Moxa ThingsPro IoT gateways in different enterprises and potentially gain access to the organizations’ industrial networks.
“Moxa is a trusted and respected brand in the industrial systems world,” Nochvay said. “However, despite the company’s vast expertise and experience, its new product had a number of vulnerabilities, which shows that it is important even for industry leaders to conduct proper cybersecurity tests. We call on all ICS-product developers to act responsibly, performing regular vulnerability checks, treating the security of solutions for industrial systems as an integral and essential part of development.”
Kaspersky offered ICS security tips:
• Restrict access of IIoT gateway devices to components of the enterprise’s OT and IT networks to the extent possible.
• Restrict access to IIoT gateway devices from the enterprise network and the internet to the extent possible.
• Set up monitoring of remote access to the enterprise’s OT network, as well as monitoring of access to individual ICS components (workstations, servers, and other equipment) inside the OT network.
• Use solutions designed to analyze network traffic and to detect and prevent network attacks at the boundary of the enterprise network and at the boundary of the OT network.
• Use dedicated solutions to monitor and perform deep analysis of network traffic on the OT network and detect attacks on industrial equipment.
• Ensure the security of hosts on the enterprise’s IT and OT networks using solutions that provide protection from malware and cyberattacks.
• Provide cyber-hygiene training to employees, partners and suppliers who have access to the enterprise’s OT network.