
Examining the Risk: Uncovering Potential Exploitation of Milesight Industrial Router Vulnerability


ICS/OT Milesight Industrial Router Vulnerability Possibly Exploited in Attacks

A vulnerability affecting industrial routers made by Chinese IoT and video surveillance product maker Milesight may have been exploited in attacks, according to exploit and vulnerability intelligence firm VulnCheck. The vulnerability, tracked as CVE-2023-4326, is serious: it exposes system log files containing passwords for administrators and other users. Remote, unauthenticated attackers can leverage these passwords to gain unauthorized access to targeted devices. While the passwords are not stored in plain text in the log files, they can be easily cracked.

The Flaw and Researcher’s Disclosure

Researcher Bipin Jitiya recently disclosed details of the vulnerability and published a proof-of-concept (PoC) exploit. Upon reaching out to Milesight, the vendor informed Jitiya that they were already aware of the flaw and had released patches before the researcher’s disclosure. An analysis of various firmware versions conducted by VulnCheck confirmed that CVE-2023-4326 has likely been patched for years.

Scope of the Vulnerability

Approximately 5,500 internet-exposed Milesight devices were found using the Shodan and Censys search engines. However, only 6.5% of these devices, or fewer than 400 devices, appear to be running vulnerable firmware versions. Despite this, VulnCheck observed what may be small-scale exploitation of the vulnerability by an attacker attempting to log into six systems on October 2, 2023. The IP addresses geolocate to France, Lithuania, and Norway, and the attacker used different non-default credentials for each system.

Possible Exploitation and Consequences

During the observed attacks, the hacker did not make any changes to the compromised systems but went through all the settings and status pages. This indicates that the attacker may have been conducting reconnaissance. In some cases, the compromised systems had configured VPN servers, and the attacker exposed cleartext credentials, potentially enabling them to pivot into the ICS network. The affected UR-series routers can be used in various fields, including industrial automation, self-service kiosks, traffic lighting, smart grid assets, medical equipment, and retail.

Advice for Users and Organizations

This incident highlights the ongoing importance of keeping industrial routers and other IoT devices up-to-date with the latest patches and firmware updates. It is crucial for device manufacturers to promptly address and fix vulnerabilities to prevent potential exploitation. Additionally, users should regularly check for firmware updates and patches from the vendor and promptly apply them to ensure the security and integrity of their systems.

Organizations should also consider implementing additional security measures, such as multi-factor authentication, to further protect sensitive systems and data. It is essential to regularly monitor network activity and log files for any signs of unauthorized access or suspicious behavior. In cases where a vulnerability has been identified and patched, organizations should conduct thorough security assessments and penetration testing to ensure that the vulnerability has indeed been mitigated.
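As an added example (not code from VulnCheck, Milesight, or the original article), the following sketch shows one way to monitor for the behavior described above: a single source that logs into several routers and only browses settings and status pages without changing anything. The event schema, device names, usernames, page names, and thresholds are all assumptions, and requiring zero failed logins is a heuristic for credentials obtained in advance, not a detail from the report.

```python
from collections import defaultdict

# Constructed sample events in a hypothetical normalized schema:
# (src_ip, device, event, detail). This is not a Milesight log format.
PAGES = ["status", "network", "vpn", "system"]
EVENTS = []
for dev, user in [("rtr-a", "opsA"), ("rtr-b", "opsB"), ("rtr-c", "opsC")]:
    EVENTS.append(("198.51.100.7", dev, "login_ok", user))
    EVENTS += [("198.51.100.7", dev, "page_view", p) for p in PAGES]
EVENTS += [
    # A local admin who mistypes once, then makes a real change.
    ("192.0.2.10", "rtr-a", "login_fail", "admin"),
    ("192.0.2.10", "rtr-a", "login_ok", "admin"),
    ("192.0.2.10", "rtr-a", "page_view", "vpn"),
    ("192.0.2.10", "rtr-a", "config_write", "vpn"),
    # Background noise: a failed guess that never gets in.
    ("203.0.113.5", "rtr-b", "login_fail", "admin"),
]

def _new_stats():
    return {"ok": 0, "fail": 0, "writes": 0, "pages": set(), "users": set()}

def find_fleet_recon(events, min_devices=3, min_pages=4):
    """Flag sources with clean logins and read-only browsing on many devices."""
    per_src = defaultdict(lambda: defaultdict(_new_stats))
    for src, device, event, detail in events:
        s = per_src[src][device]
        if event == "login_ok":
            s["ok"] += 1
            s["users"].add(detail)
        elif event == "login_fail":
            s["fail"] += 1
        elif event == "config_write":
            s["writes"] += 1
        elif event == "page_view":
            s["pages"].add(detail)
    findings = []
    for src in sorted(per_src):
        # A device counts when the session was login-then-browse only.
        hits = {d: s for d, s in per_src[src].items()
                if s["ok"] and not s["fail"] and not s["writes"]
                and len(s["pages"]) >= min_pages}
        if len(hits) >= min_devices:
            users = set().union(*(s["users"] for s in hits.values()))
            findings.append({"src_ip": src, "devices": sorted(hits),
                             "distinct_users": len(users)})
    return findings

if __name__ == "__main__":
    for finding in find_fleet_recon(EVENTS):
        print(finding)
```

A high `distinct_users` count alongside several devices matches the report's note that different non-default credentials were used on each system.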

Conclusion

The potential exploitation of the Milesight industrial router vulnerability highlights the ongoing risks associated with IoT and industrial control system devices. It serves as a reminder for both manufacturers and users to prioritize security and actively address vulnerabilities. With the increasing interconnectedness of devices and the potential consequences of unauthorized access, it is essential for all stakeholders to remain vigilant and proactive in implementing security measures to protect critical infrastructure.
