Cybersecurity researchers have disclosed information of a new vulnerability in a method applied throughout oil and fuel organizations that could be exploited by an attacker to inject and execute arbitrary code.
The vulnerability, tracked as CVE-2022-0902 (CVSS score: 8.1), is a route-traversal vulnerability in ABB Totalflow flow personal computers and distant controllers.
“Attackers can exploit this flaw to get root accessibility on an ABB stream laptop or computer, read and generate files, and remotely execute code,” industrial security enterprise Claroty claimed in a report shared with The Hacker News.
ABB, a Swedish-Swiss industrial automation business, has since released firmware updates as of July 14, 2022, pursuing liable disclosure.
Move pcs are specific-reason electronic devices used by petrochemical producers to interpret facts from movement meters and compute and file the volume of substances these kinds of as all-natural gasoline, crude oils, and other hydrocarbon fluids at a precise place in time.
These gasoline measurements are critical not only when it will come to process protection, but are also applied as inputs when bulk liquid or gas products and solutions adjust hands concerning parties, creating it imperative that the stream measurements are properly captured.
In a nutshell, the vulnerability determined by Claroty is a route traversal flaw that exists in ABB’s implementation of its proprietary Totalflow TCP protocol, which is used to remotely configure the pcs.
The issue, specifically, concerns a aspect that lets for importing and exporting the configuration documents, enabling an attacker to just take edge of an authentication bypass issue to get earlier the security passcode barrier and upload arbitrary data files.
By having edge of the shortcoming, a distant malicious actor could seize handle of the products and hamper their means to thoroughly file oil and gas move costs.
“A thriving exploit of this issue could impede a company’s potential to monthly bill prospects, forcing a disruption of solutions, related to the effects suffered by Colonial Pipeline next its 2021 ransomware attack,” Claroty researcher Vera Mens mentioned.
Found this posting attention-grabbing? Abide by THN on Fb, Twitter and LinkedIn to examine extra special articles we submit.
Some pieces of this posting are sourced from: