OTORIO details Atlas Copco Power Focus 6000 controller vulnerabilities

OT cybersecurity firm OTORIO identified hardware vulnerabilities in the Atlas Copco Power Focus 6000 controller. The firm provided vulnerability details and hardening suggestions. Earlier this month, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) said that exploitation of these vulnerabilities could cause a loss of sensitive information and the takeover of a user’s active session. Chen Porian of OTORIO reported these vulnerabilities to CISA.

The Power Focus 6000 is a torque controller that connects various Atlas Copco assembly tools, providing a single-platform assembly solution. The device is commonly used in manufacturing and industrial companies and can be managed from the integrated HMI or remotely from a built-in web interface.

“The vulnerabilities discovered by OTORIO, if successfully exploited, could lead to the compromise of sensitive information, as well as the unauthorized takeover of active user sessions, which can potentially lead to delays in operations and errors in production,” OTORIO researchers wrote in a Monday blog post. “We are in continuous communication with Atlas Copco in order to address these vulnerabilities. Atlas Copco is working on an official hotfix to the Power Focus device but has already acknowledged the mitigations in this document.”

The researchers said that “during an activity within a manufacturing customer’s network, we came across the Power Focus 6000. During a general network assessment, we discovered several vulnerabilities related to its WEB interface.”

Deployed globally across the critical manufacturing sector, the Power Focus 6000 web server performs an automatic login for any user using hard-coded credentials, OTORIO disclosed. “When a user navigates to the WEB server, an automatic request is sent by the browser to the controller with the hard-coded credentials and receives a session ID. This flaw could allow an attacker to gain unauthorized access to the controller and could allow them to set a PIN code in order to get persistent access.”

“The Power Focus 6000 web server utilizes a weak session ID format – simple integer numbers, making it vulnerable to enumeration attacks – an attacker can send multiple HTTP requests with different session IDs until they find an active session,” the blog added. “This is a trivial brute force type of attack that can be done by an unskilled attacker.”
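One way to spot the session-ID enumeration described above from the defender's side, as an added example that is not from OTORIO, CISA or Atlas Copco: flag any client that presents many distinct session IDs to the controller within a short window. The log layout, the 60-second window and the threshold of five IDs are assumptions; the sample records are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records, "<ISO time> <client IP> <session ID>", as a proxy
# or network sensor in front of the controller might export them (assumed layout).
SAMPLE_LINES = [
    "2023-06-01T08:00:00 10.0.5.21 17",   # operator station, one session
    "2023-06-01T08:00:40 10.0.5.21 17",
    "2023-06-01T08:01:10 10.0.5.22 18",   # second station, logs in again once
    "2023-06-01T08:01:50 10.0.5.22 19",
] + [
    # One client walking through integer IDs 1..30, one request per second.
    f"2023-06-01T08:02:{i:02d} 10.0.9.99 {i + 1}" for i in range(30)
]

def parse_line(line):
    """Split one record into (timestamp, client IP, session ID)."""
    ts, ip, sid = line.split()
    return datetime.fromisoformat(ts), ip, sid

def find_enumerators(lines, window=timedelta(seconds=60), max_ids=5):
    """Return {client_ip: peak distinct session IDs inside any window}
    for every client whose peak exceeds max_ids."""
    events = defaultdict(list)
    for line in lines:
        if line.strip():
            ts, ip, sid = parse_line(line)
            events[ip].append((ts, sid))

    flagged = {}
    for ip, evs in events.items():
        evs.sort()
        start, peak = 0, 0
        for end in range(len(evs)):
            # Slide the left edge until the span fits inside the window.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            peak = max(peak, len({sid for _, sid in evs[start:end + 1]}))
        if peak > max_ids:
            flagged[ip] = peak
    return flagged

if __name__ == "__main__":
    for ip, count in find_enumerators(SAMPLE_LINES).items():
        print(f"{ip}: {count} distinct session IDs within 60s")
```

A legitimate operator station normally holds one session, or two after a re-login, so a low threshold keeps false positives down; a client pacing its requests slower than the window needs a longer window or a per-day distinct count.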

By default, the Power Focus 6000 web server does not establish a secure connection (TLS/SSL), exposing sensitive information during network communication between the user and the controller. This flaw could allow an attacker to intercept and gather critical data by monitoring network traffic.

The CISA ICS advisory said that the Atlas Copco Power Focus 6000 web server does not sanitize the login information stored by the authenticated user’s browser, which could allow an attacker with access to the user’s computer to gain credential information of the controller. It also uses a small number of session ID numbers, so an attacker could enter a session ID number to retrieve data for an active user’s session.

CISA also noted that the Atlas Copco Power Focus 6000 web server does not use a secure connection by default, which could allow an attacker to gain sensitive information by monitoring network traffic between the user and controller.

OTORIO called upon organizations to disable the web interface if not required for operational needs, thereby eliminating the attack surface completely. However, the researchers noted that this will require operators to interact with the device only from the integrated HMI. They also suggested implementing network segmentation, as the device has firewall functionality that allows it to filter incoming connections based on service port, IP address, and MAC address.

In addition, OTORIO has recommended isolating the Power Focus device inside a segregated network to minimize the potential attack surface. “If it is not possible to isolate the device, consider restricting the WEB TCP port (The port that the Web server runs on) to allow communication only with necessary stations.”

Organizations must also set a strong and unique PIN code for accessing the device, which allows a username of up to 32 characters and a four-digit PIN code. User manuals provide detailed information on the configuration, settings, and security features of industrial systems, allowing operators to understand and implement necessary safeguards.

By following the instructions in the user manual, operators can ensure that the OT systems are set up securely, with proper access controls, network segmentation, and authentication mechanisms. This helps protect critical infrastructure from potential cyber threats, vulnerabilities, and unauthorized access, safeguarding against potential disruptions, data breaches, and malicious activities.
