Sign In

Communications of the ACM

ACM TechNews

Critical Flaws Discovered in Popular Industrial Remote Access Systems


View as: Print Mobile App Share: Send by email Share on reddit Share on StumbleUpon Share on Hacker News Share on Tweeter Share on Facebook
Monitoring industrial control systems.

Cybersecurity researchers found critical security flaws in two popular industrial remote access systems.

Credit: The Hacker News

Researchers at Israel's OTORIO industrial cybersecurity firm found critical defects in two popular industrial remote access systems that attackers could exploit to block access to industrial production floors, infiltrate company networks, tamper with data, and steal business secrets.

The analysts found flaws in B&R Automation's SiteManager and GateManager ranging from path traversal to improper authentication, which could enable hackers to view sensitive data about other users, their assets, and their processes.

Meanwhile, the analysts said, MB Connect Line's mbCONNECT24 was found to contain flaws that could enable attackers to access arbitrary information through Structured Query Language injection, steal session details in a cross-site request forgery attack, and leverage unused third-party libraries bundled with the software to obtain remote code execution.

The flaws in both systems reportedly have been corrected.

From The Hacker News
View Full Article

 

Abstracts Copyright © 2020 SmithBucklin, Washington, DC, USA


 

No entries found