Critical Vulnerabilities Found in Remote Access Software

Researchers at an Israeli operational technology (OT) company have discovered multiple critical vulnerabilities in two popular industrial remote access software solutions.

The flaws can be exploited to access industrial production floors, break into company networks, tamper with data, or steal highly sensitive trade secrets. 

Researchers at Otorio discovered the vulnerabilities in remote access systems made by Austrian automation and process control technology company B&R Automation and in mbConnect24 software made by German company mbConnect Line. 

Otorio, which is headquartered in Tel Aviv, delivers next-generation secured OT, IOT, industrial control systems (ICS) security, and digital risk management solutions.

Six critical flaws affecting B&R Automation were identified in the company's SiteManager and GateManager software that form part of the company's Secure Remote Maintenance Suite.  mbConnect’s mbConnect24 is used mostly for remote connection to industrial assets.

Describing the importance of the systems in which the flaws were spotted, Otorio stated: "These systems allow operations professionals access to manage, service and maintain industry machines remotely from anywhere in the world. Together, they serve thousands of sites in industries such as automotive, energy, oil & gas, metal, packaging, maritime and more."

Otorio announced the flaws earlier today. Details of the vulnerabilities are now available on the US Department of Homeland Security's Cybersecurity and Infrastructure Security Agency's website.

Researchers noted that by exploiting the B&R flaws, an attacker who ..

Support the originator by clicking the read the rest link below.