Claroty finds seven vulnerabilities in Dataprobe iBoot-PDU
The Claroty research team (Team82) has found seven vulnerabilities in Dataprobe's iBoot-PDU, the company's intelligent power distribution unit product.
Power distribution units (PDUs) are common devices found in industrial environments, data centres and other places where power supplies have to be near rack-mounted equipment.
Team82's findings show that an attacker would be able to exploit the vulnerabilities in Dataprobe's offering remotely, either through a direct web connection to the device or through the cloud.
It adds that this would lead to an unauthenticated remote code execution.
Citing additional recent research by Censys, Claroty says this showed over 2,000 PDUs are exposed to the internet, with 31% of these being Dataprobe devices.
The company also notes that carrying out an attack on a remotely exploitable vulnerability in a PDU component platform positions the attacker very close to being able to interfere with vital services by cutting off electric power to the device and, therefore, anything that is plugged into it.
Dataprobe has addressed these vulnerabilities in a new version update. Users are urged to update to Version 1.42.06162022 as soon as possible.
Dataprobe also recommends users disable SNMP, telnet, and HTTP, if not in use, to mitigate some of these vulnerabilities.
ICS-CERT has issued an advisory as well.
The release of this research comes after Exclusive Networks, a global cybersecurity specialist for digital infrastructure, announced the signing of its partnership with Claroty.
The partnership will see Exclusive Networks provide Claroty's cybersecurity solutions across the industrial, healthcare, and commercial environments in key APAC markets, including Indonesia, Malaysia, Philippines, Singapore, Thailand, Brunei, Vietnam, Laos, Cambodia, Australia, New Zealand, India and Hong Kong.
According to the companies, this partnership will allow Exclusive Networks and Claroty to work together to secure the cyber-physical systems of connected organisations across the industrial, healthcare and commercial sectors.
These sectors have become ever more complex due to the extended internet of things (XIoT) which has created more connectivity, yet presents cybersecurity blind spots, particularly with legacy IT systems.
Claroty's cybersecurity solutions are specifically designed for the cyber-physical space and help build resilience, protection and threat detection.
Exclusive Networks, alongside Claroty, will work with clients in APAC to plan, prioritise and implement their cybersecurity investments with properly sequenced integrations that will safeguard and improve their security operations, according to the companies.
Exclusive Networks will make Claroty's solutions available to partners and end customers throughout the APAC region.
According to the company, by leveraging its local network of more than 20 offices across 10 countries in the region, Exclusive Networks will work with resellers and systems integrators to ensure companies in Southeast Asia, from start-ups and SMEs to multinationals, will have robust workforce identity protection, in addition to the holistic cybersecurity solutions that Exclusive Networks offer organisations.