Wednesday, May 25, 2022

Vulnerability Spotlight: Vulnerabilities in Open Automation Software Platform could lead to information disclosure, denial of service



Jared Rittle of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. 

Cisco Talos recently discovered eight vulnerabilities in the Open Automation Software Platform that could allow an adversary to carry out a variety of malicious actions, including improperly authenticating into the targeted device and causing a denial of service. 

The OAS Platform facilitates the simplified data transfer between various proprietary devices and applications, including software and hardware. 

The most serious of these issues is TALOS-2022-1493 (CVE-2022-26082), which an attacker could exploit to gain the ability to execute arbitrary code on the targeted machine. This issue has a severity score of 9.1 out of a possible 10. Another vulnerability, TALOS-2022-1513 (CVE-2022-26833) has a 9.4 severity score and could lead to the unauthenticated use of the REST API. 

There are two other vulnerabilities, TALOS-2022-1494 (CVE-2022-27169) and TALOS-2022-1492 (CVE-2022-26067) could allow an attacker to obtain a directory listing at any location permissible by the underlying user by sending a specific network request. 

Another information disclosure vulnerability TALOS-2022-1490 (CVE-2022-26077) works in the same way, but alternatively provides the attacker with a list of usernames and passwords for the platform that could be used in future attacks. 

TALOS-2022-1491 (CVE-2022-26026) can also be triggered by a specially crafted network request, but instead leads to a denial of service and a loss of communication. 

The other two vulnerabilities could allow an attacker to make external configuration changes, including creating a new security group on the Platform and creating new user accounts arbitrarily: TALOS-2022-1488 (CVE-2022-26303) and TALOS-2022-1489 (CVE-2022-26043). 

Cisco Talos worked with Open Automation Software to ensure that these issues are resolved and an update is available for affected customers, all in adherence to Cisco’s vulnerability disclosure policy. Additionally, affected users could mitigate these issues by ensuring that proper network segmentation is in place so adversaries have the lowest possible level of access to the network on which the OAS Platform communicates. 

Users are encouraged to update these affected products as soon as possible: Open Automation Software OAS Platform, version 16.00.0112. Talos tested and confirmed this driver could be exploited by these vulnerabilities. 

The following SNORTⓇ rules will detect exploitation attempts against this vulnerability: 59275 – 59279, 59732. Additional rules may be released in the future and current rules are subject to change, pending additional vulnerability information. For the most current rule information, please refer to your Cisco Secure Firewall Management Center or Snort.org. 

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.