Researchers at Israel's OTORIO industrial cybersecurity firm found critical defects in two popular industrial remote access systems that attackers could exploit to block access to industrial production floors, infiltrate company networks, tamper with data, and steal business secrets.
The analysts found flaws in B&R Automation's SiteManager and GateManager ranging from path traversal to improper authentication, which could enable hackers to view sensitive data about other users, their assets, and their processes.
Meanwhile, the analysts said, MB Connect Line's mbCONNECT24 was found to contain flaws that could enable attackers to access arbitrary information through Structured Query Language injection, steal session details in a cross-site request forgery attack, and leverage unused third-party libraries bundled with the software to obtain remote code execution.
The flaws in both systems reportedly have been corrected.
From The Hacker News
View Full Article
Abstracts Copyright © 2020 SmithBucklin, Washington, DC, USA
No entries found