Vulnerabilities in Industrial Serial-to-Ethernet Converters Enable Remote Control of Critical Infrastructure

Liviu ARSENE

May 08, 2018

Two critical vulnerabilities have recently been found in industrial device servers produced by Lantech, enabling attackers to remotely dial into infrastructures and control affected devices.

Lantech’s IDS-2102 industrial device server is meant to convert serial ports into Ethernet connections, enabling remote over-the-internet access to the device and, consequently, to the critical infrastructure’s network. Both vulnerabilities, CVE-2018-8869 and CVE-2018-8865, have been ranked critical.

The first vulnerability involves improper input validation in the device’s web interface, allowing for cross-site scripting (XSS) and SQL injection attacks. Coupled with a buffer overflow vulnerability, attackers could plant and execute malicious code on the affected device.

“The program ser2net reads the configuration file and interprets it. One function called del_ip_proceeded_0 tries to ensure that the input is a valid IP address. However, they use strcpy to copy the string and here you have a classical stack-based buffer overflow,” said researcher Florian Adamsky of Luxembourg’s SECAN-Lab, who discovered the bug. “So far, we have investigated three common serial-to-ethernet converters and found serious security vulnerabilities in each of them. These devices are normally not cheap (nearly all of them cost > $100) but there is nearly no software quality.”
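The bug class described in the quote, an unbounded `strcpy` of a configuration-file field into a fixed-size stack buffer, is avoided by checking the length before copying and rejecting over-long input instead of truncating it. The following C code is an added example, not Lantech's or ser2net's code; the function name `parse_ip_field`, the buffer size and the IPv4-only handling are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <stddef.h>
#include <string.h>

#define IP_BUF_LEN INET_ADDRSTRLEN  /* 16: "255.255.255.255" plus NUL */

/* Unsafe pattern from the quote (shown for contrast, never compiled):
 *     char buf[IP_BUF_LEN];
 *     strcpy(buf, field);   // copies until NUL, ignoring sizeof buf
 */

/*
 * Hypothetical hardened validator for an IPv4 field read from a config line.
 * Returns 0 and writes the canonical dotted-quad to out on success,
 * -1 if the field is missing, empty, too long, or not a valid IPv4 address.
 */
int parse_ip_field(const char *field, char *out, size_t out_len)
{
    char buf[IP_BUF_LEN];
    struct in_addr addr;
    const char *nul;
    size_t len;

    if (field == NULL || out == NULL || out_len < IP_BUF_LEN)
        return -1;

    /* Look for the terminator within the buffer size only. */
    nul = memchr(field, '\0', IP_BUF_LEN);
    if (nul == NULL || nul == field)
        return -1;                 /* too long or empty: reject, do not truncate */
    len = (size_t)(nul - field);

    memcpy(buf, field, len);       /* len < IP_BUF_LEN is guaranteed here */
    buf[len] = '\0';

    /* inet_pton accepts only dotted-decimal with four in-range octets. */
    if (inet_pton(AF_INET, buf, &addr) != 1)
        return -1;

    /* Re-serialize so callers only ever see the canonical form. */
    if (inet_ntop(AF_INET, &addr, out, (socklen_t)out_len) == NULL)
        return -1;
    return 0;
}
```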

Although ICS-CERT has published an advisory warning of the severity of the two vulnerabilities and their risk of abuse by threat actors, Lantech has yet to release an official patch despite being contacted by both the National Cybersecurity and Communications Integration Center (NCCIC) and the security researchers (Florian Adamsky and Thomas Engel) who reported the vulnerabilities.

While Lantech has argued that the company stopped supporting IDS-2102 in January 2018, critical infrastructures that still use the device are strongly encouraged to follow NCCIC’s proposed mitigations for avoiding breaches. These range from minimizing network exposure of industrial control systems to hiding them behind firewalls and using VPNs to remotely dial into critical infrastructure networks.
