Claroty uncovers VPN product vulnerabilities

Cybersecurity company Claroty said it has uncovered vulnerabilities in VPN products commonly used to provide secure access to IoT devices that monitor and control industrial process.

The vulnerabilities in products widely used in the oil and gas and utilities industries could be exploited to disrupt remote IoT processes with potentially disastrous consequences, Claroty said.

Testing has uncovered bugs in the Secomea GateManager, the Moxa industrial VPN server and the HMS eWon VPN device, the company said.

These products are used to enable remote operators and third-party vendors to dial into customer sites and provide maintenance and monitoring for programmable logic controllers and other devices — a practice that has only become more common recently as a result of COVID-19.

They are typically offered as white-labelled solutions that companies can purchase for their own use, but because the underlying software is the same in all variations, the vulnerabilities are believed to be common to all.

Claroty said it has informed the main vendors of these products, which has resulted in fixes being issued.

The most severe of the vulnerabilities is likely in the Secomea GateManager bug, which Claroty said was the result of improper handling of some of the HTTP request headers provided by the client.

This could result in a complete security breach that grants full access to a customer’s internal network, as well as the ability to decrypt traffic passing through the VPN.

The Moxa VPN server bug could meanwhile allow an attacker to use a specially crafted HTTP request to trigger a stack-based overflow in the system web server and carry out remote code execution without the need for any credentials.

Finally, the HMS eWon bug in version 2020-14498 could allow phishers to execute code with the highest privileges and completely take over a victim’s machine.

Image credit: ©stock.adobe.com/au/Edelweiss