Industrial Wi-Fi networks appear to have serious security problems
- Three Advantech access points contain twenty vulnerabilities due to shared firmware
- Six of the deficiencies are critical, with a severity score of 9.8
- They enable remote code execution, Denial of Service and more
Multiple Advantech access points have been found to contain nearly two dozen vulnerabilities, some of which enable remote code execution (RCE) with root privileges, experts warn.
The findings come from a report by cybersecurity researchers at Nozomi Networks, who noted that the EKI-6333AC-2G, EKI-6333AC-2GD and EKI-6333AC-1GPO access points had twenty vulnerabilities due to shared firmware. Of those 20, six were considered critical, with a severity score of 9.8.
The affected devices provide dual-band Wi-Fi connectivity for industrial applications, such as electric vehicle manufacturing or automated security lines. They provide real-time communication for equipment such as rail guided vehicles (RGVs) and therefore play a major role in an industrial environment.
Serious impact
The report outlines two ways criminals can exploit these flaws: via LAN/WAN or over the air. The former allows attackers to send malicious requests to the device, provided they have network access. With the latter, however, they only need to be close enough to exploit weaknesses in wireless protocols.
The impact can be quite severe, Nozomi further explained. Attackers could exploit the flaws to install backdoors that allow continuous access; they could cripple automation processes with denial-of-service (DoS) attacks; and they could use the access points for lateral movement through the target infrastructure, potentially deploying more malware or even ransomware.
“These vulnerabilities pose significant risks, allowing unauthenticated code to be executed remotely with root privileges, completely compromising the confidentiality, integrity, and availability of affected devices,” the researchers said.
The defects have now been resolved. For EKI-6333AC-2G and EKI-6333AC-2GD, be sure to patch to version 1.6.5, and for EKI-6333AC-1GPO, 1.2.2. Additionally, researchers recommend that users continuously monitor the devices and proactively manage any vulnerabilities to protect their industrial IT infrastructure.
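One way to check a device inventory against the fixed versions named above, as an added example that is not from the article, Nozomi Networks or Advantech. The CSV columns, hostnames and sample firmware values are constructed, and firmware versions are assumed to be dotted integers.

```python
import csv
import io

# Fixed firmware versions as stated in the article.
FIXED = {
    "EKI-6333AC-2G": (1, 6, 5),
    "EKI-6333AC-2GD": (1, 6, 5),
    "EKI-6333AC-1GPO": (1, 2, 2),
}

def parse_version(text):
    """Turn '1.6.5' or 'v1.10.0' into a tuple of ints; None if unparseable."""
    parts = text.strip().lstrip("vV").split(".")
    if not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def audit(inventory_csv):
    """Return (host, model, firmware, status) for each affected-model row."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        model = row["model"].strip().upper()
        fixed = FIXED.get(model)
        if fixed is None:
            continue  # not one of the three models named in the article
        current = parse_version(row["firmware"])
        if current is None:
            status = "UNKNOWN"  # treat as unpatched until checked by hand
        else:
            # Compare numerically, not as strings: "1.10.0" sorts before
            # "1.6.5" lexically. Pad so that (1, 2) compares as 1.2.0.
            width = max(len(current), len(fixed))
            cur = current + (0,) * (width - len(current))
            fx = fixed + (0,) * (width - len(fixed))
            status = "OK" if cur >= fx else "VULNERABLE"
        findings.append((row["host"], model, row["firmware"].strip(), status))
    return findings

# Constructed sample inventory (hostnames and column names are hypothetical).
SAMPLE = """host,model,firmware
ap-line1,EKI-6333AC-2G,1.6.2
ap-line2,EKI-6333AC-2GD,v1.10.0
ap-yard1,EKI-6333AC-1GPO,1.2.2
ap-yard2,eki-6333ac-1gpo,1.2
ap-dock1,EKI-6333AC-2G,unknown
sw-core1,OTHER-SWITCH,9.9.9
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep="\t")
```

Rows marked UNKNOWN are reported rather than skipped so that devices with unreadable version strings still get a manual check.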
The full list of all flaws, their CVEs, severity scores, and impact on vulnerable devices can be found at this link.
Via The Hacker News