The VPN solution for remote security may not be as secure as previously thought, new research has found.
That is particularly troubling given the work-from-home reality brought on by COVID-19, according to a blog post from Claroty.
Remote code execution (RCE) vulnerabilities affecting VPN implementations commonly used to provide remote access to operational technology (OT) networks pose a risk to industries such as oil and gas, water utilities and electric utilities that run industrial control systems (ICS).
Secure connectivity to remote sites has become even more important as energy utilities’ operators and third-party vendors dial into customer sites to provide maintenance and monitoring.
“Vulnerable remote access servers can serve as highly effective attack surfaces for threat actors targeting VPNs,” the blog stated.
Claroty tested the security posture of a few popular remote-access solutions, including cloud-based, field-based and client-based products, and found critical vulnerabilities in all of them.
Flaws included the improper handling of some of the HTTP request headers supplied by the client in the cloud-based Secomea GateManager. This could allow an attacker to remotely exploit a server to achieve RCE without any authentication required.
“If carried out successfully, such an attack could result in a complete security breach that grants full access to a customer’s internal network, along with the ability to decrypt all traffic that passes through the VPN,” researchers said in the blog, adding that Claroty notified Secomea of the critical vulnerability (CVE-2020-14500) and that a patch has been available since July 16.
Claroty found that an attacker could use a specially crafted HTTP request against the Moxa EDR-G902/3 industrial VPN servers to trigger a stack-based overflow vulnerability (CVE-2020-14511) in the system web server and carry out RCE without the need for any credentials. In addition, an attacker can send a large cookie and trigger a stack-based overflow in the system.
Moxa issued a patch on June 9, after being alerted by Claroty on April 13.
Claroty’s evaluation of eWon’s eCatcher remote-access ICS solution turned up a critical stack-buffer overflow bug (CVE-2020-14498) that can be exploited to achieve RCE: visiting a malicious website or opening a malicious email that contains a specially crafted HTML element could trigger the vulnerability.
Claroty researchers notified HMS Networks of what they discovered on May 12, and a patch has been available since July 14.