Cybersecurity researchers have disclosed particulars of a new vulnerability in a program made use of throughout oil and gas corporations that could be exploited by an attacker to inject and execute arbitrary code.
The vulnerability, tracked as CVE-2022-0902 (CVSS rating: 8.1), is a path-traversal vulnerability in ABB Totalflow stream pcs and remote controllers.
“Attackers can exploit this flaw to obtain root obtain on an ABB flow computer system, go through and create information, and remotely execute code,” industrial security enterprise Claroty said in a report shared with The Hacker News.
ABB, a Swedish-Swiss industrial automation organization, has since unveiled firmware updates as of July 14, 2022, pursuing dependable disclosure.
Move desktops are special-objective electronic devices utilized by petrochemical companies to interpret facts from flow meters and estimate and file the volume of substances these as natural gas, crude oils, and other hydrocarbon fluids at a particular position in time.
These gas measurements are critical not only when it comes to method protection, but are also employed as inputs when bulk liquid or fuel merchandise adjust arms involving functions, producing it imperative that the circulation measurements are precisely captured.
In a nutshell, the vulnerability discovered by Claroty is a path traversal flaw that exists in ABB’s implementation of its proprietary Totalflow TCP protocol, which is used to remotely configure the computers.
The issue, exclusively, issues a element that enables for importing and exporting the configuration files, enabling an attacker to consider benefit of an authentication bypass issue to get previous the security passcode barrier and add arbitrary data files.
By taking edge of the shortcoming, a remote malicious actor could seize control of the products and hamper their means to thoroughly record oil and gasoline flow prices.
“A thriving exploit of this issue could impede a firm’s ability to invoice shoppers, forcing a disruption of solutions, identical to the penalties suffered by Colonial Pipeline next its 2021 ransomware attack,” Claroty researcher Vera Mens claimed.
Uncovered this short article interesting? Observe THN on Fb, Twitter and LinkedIn to browse extra exclusive information we article.
Some parts of this article are sourced from:
thehackernews.com