Serviceteam IT Security News

Researchers at an Israeli operational technology (OT) company have discovered multiple critical vulnerabilities in two popular industrial remote access software solutions.

The flaws can be exploited to access industrial production floors, break into company networks, tamper with data, or steal highly sensitive trade secrets. 

Researchers at Otorio discovered the vulnerabilities in remote access systems made by Austrian automation and process control technology company B&R Automation and in mbConnect24 software made by German company mbConnect Line.

Otorio, which is headquartered in Tel Aviv, delivers next-generation secured OT, IoT, industrial control systems (ICS) security, and digital risk management solutions.

Six critical flaws affecting B&R Automation were identified in the company’s SiteManager and GateManager software that form part of the company’s Secure Remote Maintenance Suite. mbConnect’s mbConnect24 is used mostly for remote connection to industrial assets.

Describing the importance of the systems in which the flaws were spotted, Otorio stated: “These systems allow operations professionals access to manage, service and maintain industry machines remotely from anywhere in the world. Together, they serve thousands of sites in industries such as automotive, energy, oil & gas, metal, packaging, maritime and more.”

Otorio announced the flaws earlier today. Details of the vulnerabilities are now available on the US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency’s website.

Researchers noted that by exploiting the B&R flaws, an attacker who has gained authorized access to the B&R solution (for example, by simply acquiring a legitimate general license, available to anyone) can view sensitive information about other users whose information resides on the same server. 

This information, which may include data regarding assets, processes, and other sensitive items, could be used by attackers to target other organizations and their industrial systems.

Worryingly, exploitation of the flaws could also cause all operations to cease. Otorio stated: “The attacker can also trigger a repeated restart of both the GateManager and the SiteManager, leading eventually to a loss of availability and halt production.”

The vulnerabilities found in a highly accessible zone of mbConnect24 have since been fixed by the company in newer versions of the product. They allowed an attacker to leverage a vulnerable, outdated library to upload crafted authentication files.

Source: Infosecurity Magazine
