Vulnerabilities found in OT products


By Dylan Bushell-Embling
Friday, 02 December, 2022

Forescout’s Vedere Labs has uncovered vulnerabilities in operational technology products used by a wide range of device manufacturers across multiple sectors.

The vulnerabilities discovered in products from German vendors Festo and CODESYS include dangerous functions that can be accessed with no authentication, suggesting an insecure-by-design approach.

For example, the Festo CPX-CEC-C1 and CPX-CMXX controllers have been found to allow unauthenticated, remote access to critical webpage functions, Vedere Labs said. In addition, Festo controllers using the Festo Generic Multicast (FGMC) protocol were found to allow for the unauthenticated reboot of controllers and other sensitive operations.

Meanwhile, older versions of the CODESYS V3 runtime environment, which is used by hundreds of device manufacturers around the world including Festo, have been found to use weak cryptography for download code and boot applications, indicating a sub-par implementation of security controls.

Forescout Vedere Labs Head of Security Research Daniel dos Santos said the findings are concerning in light of the way threat actors have been adapting their attack methods.

“For instance, cybercriminals are exploiting vulnerabilities in connected devices to gain access to organisational networks, enabling them to launch attacks on OT systems that can cause physical business disruption,” he said.

“With new malware specifically targeting known OT security gaps, these collectively reaffirm a clear need for OT security standards that can be useful to mitigate risks arising from insecure design.”

Organisations relying on OT devices for mission-critical applications should accordingly adopt mitigation strategies including collecting and maintaining up-to-date information about cyber assets as soon as they join or leave the network, and segmenting their network to isolate IT and operational technology, dos Santos said.

Security teams should also be monitoring all network traffic with solutions capable of identifying and flagging potential zero-day exploits, he added.
