A number of security vulnerabilities have been disclosed in products from several companies, including Honeywell's Experion distributed control system (DCS) and QuickBlox, that, if successfully exploited, could result in severe compromise of the affected systems.
Dubbed Crit.IX, the nine flaws in the Honeywell Experion DCS platform allow for "unauthorized remote code execution, which means an attacker would be able to take over the devices and alter the operation of the DCS controller, while also hiding the alterations from the engineering workstation that manages the controller," Armis said in a statement shared with The Hacker News.
Put differently, the issues stem from a lack of encryption and of adequate authentication in a proprietary protocol called Control Data Access (CDA) that is used for communication between Experion Servers and C300 controllers. Because neither side of a CDA session is authenticated, a threat actor on the network can stand in for either end and change what the controller does.
"As a result, anyone with access to the network is able to impersonate both the controller and the server," Tom Gol, CTO for research at Armis, said. "In addition, there are design flaws in the CDA protocol which make it hard to control the boundaries of the data and can lead to buffer overflows."
In a related development, Check Point and Claroty uncovered major flaws in a chat and video calling platform called QuickBlox that is widely used in telemedicine, finance, and smart IoT devices. The vulnerabilities could allow attackers to leak the user database from many popular applications that incorporate the QuickBlox SDK and API.
This includes Rozcom, an Israeli vendor that sells intercoms for residential and commercial use cases. A closer examination of its mobile app led to the discovery of additional bugs (CVE-2023-31184 and CVE-2023-31185) that made it possible to download all user databases, impersonate any user, and carry out full account takeover attacks.
"As a result, we were able to take over all Rozcom intercom devices, giving us full control and allowing us to access device cameras and microphones, wiretap into its feed, open doors managed by the devices, and more," the researchers said.
Also disclosed this week are remote code execution flaws affecting Aerohive/Extreme Networks access points running HiveOS/Extreme IQ Engine versions prior to 10.6r2, and a flaw in the open-source Ghostscript library (CVE-2023-36664, CVSS score: 9.8) that could result in the execution of arbitrary commands.
"Ghostscript is a widely used but not necessarily widely known package," Kroll researcher Dave Truman said. "It can be executed in many different ways, from opening a file in a vector image editor such as Inkscape to printing a file via CUPS. This means that an exploitation of a vulnerability in Ghostscript might not be limited to one application or be immediately obvious."
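Because Ghostscript is pulled in indirectly by tools such as Inkscape and CUPS, the practical first check is whether the gs binary those tools call is older than the fixed release. The script below is an added example written for this page; it is not from the article, from Kroll, or from the Ghostscript or Extreme Networks projects. It assumes Ghostscript 10.01.2 as the first release containing the fix for CVE-2023-36664, which is this editor's assumption to confirm against the Artifex release notes; the HiveOS/Extreme IQ Engine threshold of 10.6r2 is the one the disclosure above states, and mapping the vendor's "r" suffix onto a dotted component is a convention adopted here purely for comparison.

```shell
#!/bin/sh
# Added example (not from the article, Kroll, or the Ghostscript project):
# compare installed version strings against the fixed releases named above.
# GS_FIXED is an assumption to confirm against the Artifex release notes;
# HIVEOS_FIXED is the threshold the disclosure states.
GS_FIXED="10.01.2"
HIVEOS_FIXED="10.6r2"

# version_lt A B: return 0 when dotted version A sorts strictly before B.
# Components are compared as integers, so "9.56.1" < "10.01.2" and
# "10.01.2" < "10.01.10"; a plain string sort gets both of those wrong.
# Non-digit characters inside a component (e.g. "2-dfsg") are ignored.
version_lt() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ac=$(printf '%s' "${a%%.*}" | tr -cd '0-9')
        bc=$(printf '%s' "${b%%.*}" | tr -cd '0-9')
        # drop the component just read (or empty the string when no dot remains)
        case "$a" in *.*) a="${a#*.}" ;; *) a="" ;; esac
        case "$b" in *.*) b="${b#*.}" ;; *) b="" ;; esac
        if [ "${ac:-0}" -lt "${bc:-0}" ]; then return 0; fi
        if [ "${ac:-0}" -gt "${bc:-0}" ]; then return 1; fi
    done
    return 1   # equal versions are not "less than"
}

# gs_vulnerable VERSION: print a verdict; return 0 when VERSION predates GS_FIXED.
gs_vulnerable() {
    if version_lt "$1" "$GS_FIXED"; then
        echo "Ghostscript $1 predates $GS_FIXED: treat as affected by CVE-2023-36664"
        return 0
    fi
    echo "Ghostscript $1 is at or past $GS_FIXED"
    return 1
}

# hiveos_vulnerable VERSION: return 0 when a HiveOS/IQ Engine version such as
# "10.6r1" predates HIVEOS_FIXED. The "r" suffix is rewritten as a dotted
# component ("10.6r1" -> "10.6.1") only so that version_lt can compare it;
# that is this script's convention, not the vendor's numbering scheme.
hiveos_vulnerable() {
    version_lt "$(printf '%s' "$1" | tr 'r' '.')" \
               "$(printf '%s' "$HIVEOS_FIXED" | tr 'r' '.')"
}

# gs_installed_version: print the version of the gs binary on PATH, if any.
gs_installed_version() {
    command -v gs >/dev/null 2>&1 || return 1
    gs --version 2>/dev/null | head -n 1
}

# Stand-alone use: report on the local gs. The "|| :" keeps the exit status
# neutral so the functions above can also be sourced from another script.
if v=$(gs_installed_version); then
    gs_vulnerable "$v" || :
else
    echo "gs not found on PATH; gs_vulnerable can still be run on a version string" >&2
fi
```

CUPS filters and Inkscape normally shell out to the system gs, so the binary on PATH is the one that matters for those paths; software that bundles its own Ghostscript copy needs to be checked separately, and a distribution may backport the fix without bumping the upstream version, in which case the package changelog, not this comparison, is authoritative.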
Rounding off the list is the discovery of hard-coded credentials in Technicolor TG670 DSL gateway routers that could be weaponized by an authenticated user to gain full administrative control of the devices.
"A remote attacker can use the default username and password to login as the administrator to the router device," CERT/CC said in an advisory. "This allows the attacker to modify any of the administrative settings of the router and use it in unexpected ways."
Users are advised to disable remote administration on their devices to prevent potential exploitation attempts and to check with their service providers to determine whether appropriate patches and updates are available.