OTORIO Found Critical Vulnerabilities in ICS Remote Access Software

30 Sep 2020

As more companies rely on remote access systems to maintain production during COVID-19, discovering remote access vulnerabilities becomes a top priority. OTORIO’s researchers have recently found critical security flaws in two popular industrial remote access solutions that can be used to prevent access to industrial production floors, break into company networks, tamper with data, or steal sensitive business secrets. 

TEL AVIV - September 30, 2020 - OTORIO, the leading provider of next-generation OT digital and cybersecurity management solutions, announced today that its researchers have identified multiple critical vulnerabilities in remote access systems from B&R Automation and mbConnect.

Remote access has become a rising need in the Industry 4.0 era, and the demand has intensified under COVID-19, as more and more organizations rely on a remote workforce that needs to connect from a distance in order to keep their operations going. Among the leading remote access tools currently in wide industrial use are B&R's SiteManager and GateManager, and mbConnect’s mbConnect24.

B&R's SiteManager and GateManager are part of the company’s Secure Remote Maintenance suite. mbConnect’s mbConnect24 is used mostly for remote connection to industrial assets. These systems allow operations professionals to manage, service and maintain industrial machines remotely from anywhere in the world. Together, they serve thousands of sites in industries such as automotive, energy, oil & gas, metal, packaging, maritime and more.

B&R - potentially disrupting operations (CVE-2020-11641, CVE-2020-11642, CVE-2020-11643, CVE-2020-11644, CVE-2020-11645, CVE-2020-11646)

SiteManager and GateManager allow operations professionals to service and maintain industrial machines remotely from anywhere in the world. The remote suite allows technicians and engineers to retrieve logbook entries, application data and much more.

By exploiting the six new vulnerabilities, an attacker who has gained authorized access to the solution could view sensitive information about other users, their assets and their processes (even when they belong to an external organization). Additionally, attackers could redirect users to malicious external sites through fake system messages and alerts, and trigger repeated restarts of both the GateManager and the SiteManager, eventually causing a loss of availability and halting production.

Leveraging all three vulnerabilities together would have enabled attackers to devise a worst-case scenario for an operations floor that relied on remote-access employees.

The vulnerabilities affect B&R Automation SiteManager and GateManager products, version V.9.1.62008500. The CERT advisory is available here: https://us-cert.cisa.gov/ics/advisories/icsa-20-273-03

mbConnect - potential data collection and manipulation (CVE-2020-24569, CVE-2020-24568, CVE-2020-24570)

mbConnect24 is a popular remote connectivity solution used mostly for remote connection to industrial assets. OTORIO's offensive security researchers discovered a number of vulnerabilities in it. mbConnect servers are hubs that serve multiple endpoints, and sometimes even multiple clients.

mbConnect was quick to address the vulnerabilities with a version update and to issue an advisory to its customers with suggested mitigation steps. The CERT advisory is available here: https://cert.vde.com/de-de/advisories/vde-2020-035

Finding the weak links in the security chain

According to Matan Rudis, OTORIO Threat Intelligence & Penetration Test Team Leader, “Looking at industrial cybersecurity in a holistic way, products such as B&R’s and mbConnect’s can become potential ‘weak links’ in the security chain. OTORIO thanks B&R and mbConnect for their swift action and the seriousness with which they handled the issue.”

A recent Gartner report measured the time it takes attackers to exploit a vulnerability from the day it is announced. The study found that the average time-to-exploit of a vulnerability has dropped significantly, from over 30 days in 2016 to just 2.5 days in 2019. “This means that in order to avoid potential breaches of their production facilities, organizations should react quickly to known vulnerabilities and follow the advice and guidance provided by their system providers,” says Rudis.

OTORIO works alongside leading vendors such as B&R and mbConnect to ensure that attackers do not gain the ability to impact OT assets through the internet and that daily operations and productivity remain safe and efficient.

About OTORIO

OTORIO designs and markets the next generation of OT security and digital risk management solutions. The company combines the experience of top nation-state cybersecurity experts with cutting-edge digital risk management technologies to provide the highest level of protection for the manufacturing industry. Visit our website: www.otorio.com