“Uncovering the Teltonika Vulnerabilities That Put Industrial Organizations at Risk of Remote Attacks”

Critical vulnerabilities in Teltonika products discovered by industrial cybersecurity firms Otorio and Claroty may expose thousands of internet-exposed devices to cyber-attacks. CISA briefly described the Teltonika IoT vulnerabilities in an advisory published on May 11. The vulnerabilities can be exploited for arbitrary code or command execution with elevated privileges, for obtaining information, and for routing a connection to a remote server; the router vulnerabilities specifically allow arbitrary code or command execution. Otorio's Eran Jacob highlighted that these routers are used to connect remote industrial sites or devices to the internet and that, by exploiting the vulnerabilities in the devices, attackers may be able to gain access to the internal network connected to the targeted device. This would expose thousands of organizations to cyber-attacks that enable attackers to access internal industrial environments, OT devices, vulnerable devices, internal services, etc. Experts believe that thousands of industrial environments worldwide are exposed to these vulnerabilities, and that the loose security protocols in the routers' design amplify the potential consequences.

Teltonika Networks is a Lithuania-based company that makes LTE routers, gateways, modems and other networking solutions. Its products are used worldwide in sectors such as industrial, energy, utilities, smart city, transportation, enterprise, and retail. The products researched by Otorio and Claroty included the company's RUT241 and RUT955 cellular routers, as well as the Teltonika Remote Management System (RMS), a platform that can be deployed on-premises or in the cloud for monitoring and managing connected devices. Claroty's Noam Moshe explained that some vulnerabilities and exploit chains do not require any permission or credentials for the devices, adding that thousands of devices are internet-facing and some vulnerabilities are exploitable from the internet. Moreover, some of the attack chains allow attacks on devices that might not be internet-facing if the attacker gains access to the cloud-based management platform.

Teltonika Networks has released patches for the RMS platform and the RUT routers after being informed of the vulnerabilities by the researchers. Experts suggest that the exposed vulnerabilities require active monitoring and security controls that are both preventive and detective in nature. Preventive controls should help reduce the risk level of attack surfaces, whereas detective controls should assist in identifying any security events arising from the exploitation of vulnerabilities, such as misconfigurations and unauthorized access attempts.

The increasing adoption of IoT devices within critical infrastructure sectors, including energy, water, and transport, creates a challenging environment for security professionals, given the lack of security protocols in device design, deployment and management. The industry requires the integration of security into IoT devices to ensure that appropriate preventive and detective controls are in place before devices are deployed. These measures would ensure that cyber-attacks on IoT devices do not have consequences that extend far beyond the scope of individual vulnerabilities.
