Critical Security Flaws Uncovered in Honeywell Experion DCS and QuickBlox Services

Jul 14, 2023 | THN | Vulnerability / Cyber Risk

Multiple security vulnerabilities have been discovered in various services, including Honeywell Experion distributed control system (DCS) and QuickBlox, that, if successfully exploited, could result in severe compromise of affected systems.

Dubbed Crit.IX, the nine flaws in the Honeywell Experion DCS platform allow for “unauthorized remote code execution, which means an attacker would have the power to take over the devices and alter the operation of the DCS controller, whilst also hiding the alterations from the engineering workstation that manages the controller,” Armis said in a statement shared with The Hacker News.

Put differently, the issues relate to a lack of encryption and adequate authentication mechanisms in a proprietary protocol called Control Data Access (CDA) that is used to communicate between Experion Servers and C300 controllers, effectively enabling a threat actor to take over the devices and alter the operation of the DCS controller.

“As a result, anyone with access to the network is able to impersonate both the controller and the server,” Tom Gol, CTO for research at Armis, said. “In addition, there are design flaws in the CDA protocol which make it hard to control the boundaries of the data and can lead to buffer overflows.”

In a related development, Check Point and Claroty uncovered major flaws in a chat and video calling platform known as QuickBlox that is widely used in telemedicine, finance, and smart IoT devices. The vulnerabilities could allow attackers to leak the user database from many popular applications that incorporate the QuickBlox SDK and API.

This includes Rozcom, an Israeli vendor that sells intercoms for residential and commercial use cases. A closer examination of its mobile app led to the discovery of additional bugs (CVE-2023-31184 and CVE-2023-31185) that made it possible to download all user databases, impersonate any user, and perform full account takeover attacks.

“As a result, we were able to take over all Rozcom intercom devices, giving us full control and allowing us to access device cameras and microphones, wiretap into its feed, open doors managed by the devices, and more,” the researchers said.

Also disclosed this week are remote code execution flaws impacting Aerohive/Extreme Networks access points running HiveOS/Extreme IQ Engine versions before 10.6r2 and the open-source Ghostscript library (CVE-2023-36664, CVSS score: 9.8) that could result in the execution of arbitrary commands.

“Ghostscript is a widely used but not necessarily widely known package,” Kroll researcher Dave Truman said. “It can be executed in many different ways, from opening a file in a vector image editor such as Inkscape to printing a file via CUPS. This means that an exploitation of a vulnerability in Ghostscript might not be limited to one application or be immediately obvious.”

Rounding off the list is the discovery of hard-coded credentials in Technicolor TG670 DSL gateway routers that could be weaponized by an authenticated user to gain full administrative control of the devices.

“A remote attacker can use the default username and password to login as the administrator to the router device,” CERT/CC said in an advisory. “This allows the attacker to modify any of the administrative settings of the router and use it in unexpected ways.”

Users are advised to disable remote administration on their devices to prevent potential exploitation attempts and check with their service providers to determine if appropriate patches and updates are available.
