Vulnerabilities discovered by researchers in VPN products primarily used for remote access to operational technology (OT) networks can allow hackers to compromise industrial control systems (ICS) and possibly cause physical damage.
Researchers from industrial cybersecurity company Claroty have identified potentially serious vulnerabilities in Secomea GateManager, Moxa EDR-G902 and EDR-G903, and HMS Networks’ eWon. The products are used by many organizations to remotely manage and monitor ICS, including programmable logic controllers (PLCs), input/output devices, and field devices.
Claroty says the impacted VPNs are widely used in the oil and gas and utilities sectors and exploitation could result in attackers gaining access to field devices and potentially causing physical damage.
In Secomea GateManager, which allows users to connect to the internal network from the internet through an encrypted tunnel, researchers discovered multiple security holes, including weaknesses that can be exploited to overwrite arbitrary data (CVE-2020-14500), execute arbitrary code, cause a DoS condition, execute commands as root by connecting via hardcoded Telnet credentials, and obtain user passwords due to weak hashing.
“[CVE-2020-14500] occurs due to improper handling of some of the HTTP request headers provided by the client. This could allow an attacker to remotely exploit GateManager to achieve remote code execution without any authentication required. If carried out successfully, such an attack could result in a complete security breach that grants full access to a customer’s internal network, along with the ability to decrypt all traffic that passes through the VPN,” Claroty explained.