Saturday, November 16, 2024
Flaws in Ovarro’s TBox Remote Terminal Units Open Industrial Systems to Remote Attacks

On March 23, the United States Computer Emergency Readiness Team (US-CERT) announced that several vulnerabilities had been detected in Ovarro TBox.

According to cybersecurity analysts, exploitation of these vulnerabilities could enable threat actors to execute code remotely or carry out a distributed denial-of-service (DDoS) attack.

Flaws Detected

  • CVE-2021-22646 – Improper control of generation of code (‘CODE INJECTION’) (CWE-94).
  • CVE-2021-22648 – Incorrect permission assignment for critical resource (CWE-732).
  • CVE-2021-22642 – Uncontrolled resource consumption (CWE-400).
  • CVE-2021-22640 – Insufficiently protected credentials (CWE-522).
  • CVE-2021-22644 – Use of hard-coded cryptographic key (CWE-321). 

Risk Assessment

The risk linked to these vulnerabilities concerns not only the integrity of automation processes but also, in some cases, public safety.

These security shortcomings concern web-based interfaces, similar to HMIs, which generally monitor process levels and other industrial activity.

The experts said they have seen in the past what can go wrong when such an interface is exposed to the internet without any security.

The fact that such interfaces are exposed online removes many of the barriers to entry for adversaries of all kinds.

Successful exploitation of these vulnerabilities could result in remote code execution, which may create a denial-of-service condition.

Products That are Affected

The affected products are listed below:

  • TBox LT2 (All models)
  • TBox TG2 (All models)
  • TBox MS-CPU32
  • TBox MS-CPU32-S2
  • TBox RM2 (All models)
  • All versions prior to TWinSoft 12.4 and firmware 1.46

Mitigation

These vulnerabilities have been listed among the most important, with a CVSS v3 score of 8.8. The security researchers note that they require a low skill level to exploit and can be exploited remotely.

Users of an affected product should assess the impact and update, in an orderly manner, to the version in which the issue is fixed.
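To help assess impact, the following added example (not code from the article, Ovarro or CISA) triages an asset inventory against the affected-products list above. The CSV layout, asset names and sample rows are constructed, and it assumes versions are plain dotted integers.

```python
import csv
import io
import re

# Fixed versions and model families taken from the affected-products list.
FIXED_FIRMWARE = (1, 46)
FIXED_TWINSOFT = (12, 4)
AFFECTED_MODEL = re.compile(r"^TBOX(LT2|TG2|RM2|MSCPU32(S2)?)")

# Constructed sample inventory (hypothetical assets, not real devices).
SAMPLE_INVENTORY = """\
asset,model,firmware,twinsoft
rtu-pump-01,TBoxLT2,1.44,12.2
rtu-pump-02,TBox MS-CPU32-S2,1.46,12.4
rtu-tank-03,TBox TG2,1.46,12.2
rtu-gate-04,tbox rm2,1.47,12.5
rtu-well-05,TBox MS-CPU32,,12.4
plc-misc-06,OtherVendor X1,0.9,1.0
"""

def parse_version(text):
    """Return a tuple of ints for a dotted version, or None if unusable."""
    text = (text or "").strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        return None
    return tuple(int(part) for part in text.split("."))

def normalise_model(model):
    """Drop spaces, hyphens and case so 'TBoxLT2' and 'TBox LT2' match."""
    return re.sub(r"[\s\-_]", "", model).upper()

def triage(row):
    if not AFFECTED_MODEL.match(normalise_model(row["model"])):
        return "not-in-scope"
    firmware = parse_version(row["firmware"])
    twinsoft = parse_version(row["twinsoft"])
    # A missing version is not evidence of a fix: flag it for manual review.
    if firmware is None or twinsoft is None:
        return "unknown-version"
    # Either component being older than its fixed version leaves the asset exposed.
    if firmware < FIXED_FIRMWARE or twinsoft < FIXED_TWINSOFT:
        return "update-needed"
    return "fixed"

def triage_inventory(csv_text):
    reader = csv.DictReader(io.StringIO(csv_text))
    return {row["asset"]: triage(row) for row in reader}

if __name__ == "__main__":
    for asset, status in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{asset:12} {status}")
```

Assets reported as `unknown-version` should be checked on the device or in the engineering workstation rather than assumed safe.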

Apart from this, CISA recommends that users take some basic precautions to minimize the risk of exploitation of these vulnerabilities.

Minimize network exposure for all control system devices and make sure that they are not accessible from the internet. Users should also locate control system networks and remote devices behind firewalls and isolate them from the business network.

When remote access is needed, always use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available.

CISA also provides a section of recommended practices for control systems security on the ICS webpage on us-cert.cisa.gov.

Moreover, several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth techniques.

Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.
