VPN vulnerabilities pose serious risk to OT Networks

30 Jul 2020

Researchers from cybersecurity firm Claroty have uncovered vulnerabilities in VPN servers and clients, including Secomea GateManager, Moxa industrial VPN server, and the HMS eWon.

According to the researchers, these products are widely used in industries such as water, oil and gas, and by electricity providers, as well as in other places where remote sites demand secure connectivity.

These industries use VPNs to enable remote workers and third parties to connect to customer sites in order to provide monitoring or maintenance to programmable logic controllers, as well as other devices.

The vulnerabilities could enable attackers to take control of VPN servers and clients to gain access to internal, secure networks. Attackers can also slip past perimeter security, leading to a complete security breach.

Furthermore, attackers could potentially decrypt all traffic passing through the organisation’s VPN. 

Claroty researchers share further details about the products and associated vulnerabilities. All respective vendors have now patched the vulnerabilities in their products.

“Claroty says these products are typically offered as white-labelled solutions that companies can purchase for their own use, but because the underlying software is the same in all variations, the vulnerabilities would be common to all.”

Secomea GateManager - CVE-2020-14500

The bug results from improper handling of some of the HTTP request headers provided by the client. Claroty says it could result in a complete security breach that grants full access to a customer’s internal network, along with the ability to decrypt all traffic passing through the VPN.

Moxa industrial VPN server - CVE-2020-14511

Claroty says these industrial VPN routers are widely used across critical infrastructure sectors such as manufacturing, energy and transportation, and are often exposed to the Internet. An attacker could use a specially crafted HTTP request to trigger a stack-based overflow in the system web server and carry out remote code execution without the need for any credentials.

HMS eWon - CVE-2020-14498

eWon is a VPN device that remote clients connect to using a proprietary VPN client called eCatcher, which runs on a PC. Attackers can send a phishing email to the address associated with that PC and compromise eCatcher. If a user opens the email, the attacker can run code with the highest privileges and then compromise the machine.

“With the growth in remote working, Claroty expects to see increased use of these platforms and increased use for security-critical applications. It predicts that these and other vulnerabilities could be exploited by financially motivated attackers to launch DDoS attacks,” the company concludes.
