Attacks and Vulnerabilities
Building Management Systems
CISA
Critical infrastructure
ICS Security Framework
Industries
Industry 4.0
IT/OT Collaboration
Management & Strategy
Manufacturing
Medical
Mining, Oil & Gas
News
Pharma
Regulation, Standards and Compliance
Risk & Compliance
SOC & Incident Response
System Design & Architecture
Technology & Solutions
Transportation
Utilities: Energy & Power, Water, Waste

Security flaws found in FATEK Automation, Emerson WirelessHART Gateway, Mitsubishi hardware

October 08, 2021
Emerson WirelessHART

The Cybersecurity and Infrastructure Security Agency (CISA) warned the critical infrastructure sector this week of the detection of several vulnerabilities in FATEK Automation’s WinProladder and Communication Server. The agency also revealed security loopholes in Emerson WirelessHART Gateway equipment, and additional security flaws in Mitsubishi Electric GOT and Tension Controller hardware.

The vulnerabilities found in FATEK Automation WinProladder included out-of-bounds read and write, unexpected sign extension, stack-based buffer overflow, improper restriction of operations within the bounds of a memory buffer, and use after free, CISA said in its advisory on Thursday. The exploitation of these vulnerabilities may allow arbitrary code execution, remote code execution, heap corruption, and unauthorized information disclosure, it added.

Natnael Samson and xina1i, working with Trend Micro’s Zero Day Initiative, reported these vulnerabilities to CISA. FATEK Automation has not responded to requests to work with CISA to mitigate these vulnerabilities.

A stack-based buffer overflow vulnerability was also reported from the Taiwanese company’s Communication Server equipment. The affected product lacks proper validation of user-supplied data, which could result in a stack-based buffer overflow condition and allow an attacker to remotely execute code, CISA said in its Thursday advisory. The affected versions of the Communication Server include versions 1.13 and prior. The exploitation of this vulnerability may allow remote code execution.

Trend Micro’s Samson reported this vulnerability to CISA. In this case too, FATEK Automation did not respond to requests to work with CISA to mitigate this vulnerability.

CISA advised the equipment users to take defensive measures to minimize the risk of exploitation of this vulnerability and recommended reducing network exposure for all control system devices and/or systems, placing control system networks and remote devices behind firewalls, and isolating them from the business network. When remote access is required, it is recommended to use secure methods, such as virtual private networks (VPNs).

Multiple security vulnerabilities were reported in the Emerson WirelessHART gateway including missing authentication for critical function, improper input validation, improper limitation of a pathname to a restricted directory, write-what-where condition, improper neutralization of special elements used in an OS command, and exposure of sensitive information to an unauthorized hacker. The exploitation of these vulnerabilities by an authenticated user can allow root-level arbitrary write permission, which can lead to remote code execution.

CISA identified that the affected devices were deployed globally across the chemical, critical manufacturing, dams, energy, food and agriculture, healthcare and public health, transportation systems, and water and wastewater systems sectors. The Emerson WirelessHART Gateway network communication devices included all versions of WirelessHART 1410 Gateway before v4.7.94, WirelessHART 1410D Gateway before v4.7.94, and WirelessHART 1420 Gateway before v4.7.94.

“Although these vulnerabilities were reported against Emerson’s version 4 WirelessHART gateway, most of the vulnerabilities also affect Emerson’s version 6 gateway,” Emerson said in its advisory.

The issues have been resolved or mitigated in recently released firmware which can be obtained using the instructions located in this notification. In case the Emerson WirelessHART Gateway is isolated from the internet and running on a well-protected network consistent with industry best practices, the potential risk is significantly lowered. Each user should consider their particular system configuration and circumstances, and determine the effect of this potential issue as it relates to their application and take appropriate actions, the company added.

Another CISA advisory warned of two more vulnerabilities in Mitsubishi Electric GOT and Tension Controller hardware. These vulnerabilities include improper handling of exceptional conditions and improper input validation. The exploitation of these flaws could allow an attacker to cause a denial-of-service condition by sending specially crafted packets. The Mitsubishi GOT and Tension Controller products are used globally in the critical manufacturing sector.

Mitsubishi Electric plans to release updated, fixed versions of these products in the future. It has in the meanwhile advised users to minimize the risk of exploitation of these vulnerabilities by using a firewall or VPN to prevent unauthorized access when Internet access is required. It also recommended using within a LAN and blocking access from untrusted networks and hosts through firewalls, and using the IP filter function to restrict the accessible IP addresses.

Last month, Mitsubishi Electric had revealed that multiple denial of service vulnerabilities exist in the TCP/IP protocol stack of its GOT (Graphic Operation Terminal) and Tension Controller because of improper handling of exceptional conditions and improper input validation. These security loopholes may be used by a remote attacker to cause a DoS condition of GOT and Tension Controller by sending specially crafted packets.

Anna Ribeiro
Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.

A complimentary guide to the who`s who in industrial cybersecurity tech & solutions

Free Download

Related

Dragos reports decline in ransomware attacks on industrial sector amid law enforcement measures
Dragos reports decline in ransomware attacks on industrial sector amid law enforcement measures
MITRE's CREF Navigator aligns with DoD's CMMC to boost cyber resilience in defense industrial base
MITRE’s CREF Navigator aligns with DoD’s CMMC to boost cyber resilience in defense industrial base
UK’s NCSC debuts CAF v3.2 to address rising threats to critical national infrastructure, boosts cybersecurity readiness
UK’s NCSC debuts CAF v3.2 to address rising threats to critical national infrastructure, boosts cybersecurity readiness
Cisco Talos details ArcaneDoor campaign found targeting perimeter network devices across critical infrastructure
Cisco Talos details ArcaneDoor campaign found targeting perimeter network devices across critical infrastructure
Forescout report warns of growing security risks to critical infrastructure as OT/ICS exposed data escalates
Forescout report warns of growing security risks to critical infrastructure as OT/ICS exposed data escalates
ASIS Foundation reports on impact of autonomous vehicles on security and technology
ASIS Foundation reports on impact of autonomous vehicles on security and technology
European Commission makes €112 million investment in AI, quantum research under Horizon Europe program
European Commission makes €112 million investment in AI, quantum research under Horizon Europe program
MITRE unveils ATT&CK v15 with upgraded detections, analytic format, cross-domain adversary insights
MITRE unveils ATT&CK v15 with upgraded detections, analytic format, cross-domain adversary insights
RMC
Risk Mitigation Consulting acquires Securicon, boosting cybersecurity and mission assurance offerings
Hackers target Tipton Municipal Utilities wastewater treatment plant, prompting federal investigation
Hackers target Tipton Municipal Utilities wastewater treatment plant, prompting federal investigation