acm-header
Sign In

Communications of the ACM

Home/News/Critical Flaws Discovered in Popular Industrial Remote.../Full Text
ACM TechNews

Critical Flaws Discovered in Popular Industrial Remote Access Systems

By The Hacker News
October 5, 2020
Comments
View as: Print Mobile App Share:
Monitoring industrial control systems.

Cybersecurity researchers found critical security flaws in two popular industrial remote access systems.

Credit: The Hacker News

Researchers at Israel's OTORIO industrial cybersecurity firm found critical defects in two popular industrial remote access systems that attackers could exploit to block access to industrial production floors, infiltrate company networks, tamper with data, and steal business secrets.

The analysts found flaws in B&R Automation's SiteManager and GateManager ranging from path traversal to improper authentication, which could enable hackers to view sensitive data about other users, their assets, and their processes.

Meanwhile, the analysts said, MB Connect Line's mbCONNECT24 was found to contain flaws that could enable attackers to access arbitrary information through Structured Query Language injection, steal session details in a cross-site request forgery attack, and leverage unused third-party libraries bundled with the software to obtain remote code execution.

The flaws in both systems reportedly have been corrected.

From The Hacker News
View Full Article

 

Abstracts Copyright © 2020 SmithBucklin, Washington, DC, USA

 

No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account