Source: www.govinfosecurity.com
Researchers Discover 20 Critical Flaws Attackers Could Exploit in a Variety of Ways
Prajeet Nair (@prajeetspeaks) • November 29, 2024
Researchers have discovered 20 critical vulnerabilities in a type of Advantech industrial-grade wireless access point that’s widely deployed across critical infrastructure environments. Attackers could exploit the flaws to remotely execute code and create denials of service.
Researchers at Nozomi Networks Labs identified the flaws in Australian vendor Advantech’s EKI-6333AC-2G access points. They warn attackers could exploit the flaws to remotely execute code with root privileges, without having to first authenticate to the devices. They said the vulnerabilities could also be used to execute denial-of-service attacks and disrupt critical infrastructure environments.
Researchers said they verified the flaws in version 1.6.2 of the firmware running on the devices. In response, the vendor patched the flaws via firmware updates: version 1.6.5 for EKI-6333AC-2G and EKI-6333AC-2GD and version 1.2.2 for EKI-6333AC-1GPO.
According to Advantech’s website, its EKI-6333AC-2G access point is designed to be used in challenging environments and offers dual-band Wi-Fi connectivity, which is needed in many industrial automation and safety scenarios. The company said the devices often get deployed in critical infrastructures for mission-critical applications, such as manufacturing lines and energy installations, for which secure and stable wireless communication is essential.
Disrupting connectivity in critical infrastructure environments can have serious repercussions.
Exploiting the vulnerabilities requires attackers to either achieve LAN or WAN access to a vulnerable access point, or be in “physical proximity” to a device, which would allow them to execute code remotely, Nozomi Networks said.
Nozomi Networks also found vulnerabilities in the scripts that manage core wireless data packet transmission, such as SSID and signal power, and said these flaws could be exploited by attackers to gain direct access to a device. Attackers could use these access points for backdoor entry into internal resources, moving laterally across enterprise networks, or for executing a DoS attack.
The vulnerabilities include several critical command injection flaws, tracked as CVE-2024-50370, CVE-2024-50371, CVE-2024-50372, CVE-2024-50373 and CVE-2024-50374, all with a CVSS score of 9.8. The vulnerabilities can be remotely exploited by attackers to execute arbitrary commands, potentially gaining full control over the device. Another critical flaw, CVE-2024-50375, involves missing authentication for critical functions, also scored 9.8.
The vulnerabilities also extend to over-the-air attack scenarios. For instance, by exploiting CVE-2024-50376 and CVE-2024-50359 in tandem, attackers could use rogue wireless access points to inject malicious payloads into the device, researchers said.
They recommended that all users of Advantech’s wireless access points immediately install the firmware updates and review their devices’ security configurations.
Original Post URL: https://www.govinfosecurity.com/warning-patch-advantech-industrial-wireless-access-points-a-26943