A total of 38 security flaws have been found in wireless Industrial Internet of Things (IIoT) devices from four distinct vendors. Together, these flaws represent a significant potential attack surface for threat actors seeking to target operational technology (OT) systems.
“Threat actors can exploit vulnerabilities in Wireless IIoT devices to gain initial access to internal OT networks,” Israeli industrial cybersecurity company Otorio stated. “They can use these vulnerabilities to bypass security layers and infiltrate target networks, putting critical infrastructure at risk or interrupting manufacturing.”
In a nutshell, the weaknesses provide a remote entry point for attack: unauthenticated attackers can use them to establish a foothold and then pivot to other hosts and do serious harm. Security researcher Roni Gavrilov said that some of the flaws might be chained together to give an outside attacker direct access from the internet to thousands of internal OT networks.
Three of the 38 flaws – CVE-2022-3703, CVE-2022-41607, and CVE-2022-40981 – affect ETIC Telecom’s Remote Access Server (RAS) and may be exploited to take total control of vulnerable devices. InHand Networks’ InRouter 302 and InRouter 615 have five more flaws that, if exploited, might lead to code execution, information leakage, and command injection. In particular, compromising any cloud-managed InRouter device with root rights requires exploiting weaknesses in the vendor’s “Device Manager” cloud platform, which enables operators to carry out remote activities such as configuration changes and firmware updates.
Two vulnerabilities in the Sierra Wireless AirLink Router (CVE-2022-46649 and CVE-2022-46650) have also been found which, if exploited, might result in the loss of sensitive data and remote code execution. The remaining issues are currently going through responsible disclosure. The findings highlight how IIoT devices that are directly reachable over the internet can endanger OT networks, becoming a “single point of failure” that bypasses all other security measures. Alternatively, local attackers can penetrate cellular gateways and industrial Wi-Fi access points by focusing on the on-site Wi-Fi or cellular channels, creating adversary-in-the-middle (AitM) situations with potentially harmful effects.
Attacks can target combo chips, which are often found in electrical gadgets, or they can target weak encryption techniques. According to Otorio, threat actors may do this by identifying high-value industrial areas, physically locating them, and then exploiting the access points from a short distance; WiGLE, a directory of wireless hotspots around the world, makes such locating easier. As countermeasures, it is advised to disable unsafe encryption techniques, conceal Wi-Fi network names, turn off unnecessary cloud management services, and take precautions to keep equipment from being reachable from the public internet.
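As an added illustration of these four countermeasures (example code written for this article, not Otorio’s tooling or any vendor’s software), the following Python audit checks a gateway configuration record against each recommendation; the record’s field names and the set of encryption modes treated as unsafe are assumptions made for the example.

```python
# Added example: audit a wireless IIoT gateway configuration against the four
# countermeasures named above. The configuration schema, its field names and the
# set of "unsafe" encryption modes are assumed for illustration.
from dataclasses import dataclass, field

WEAK_ENCRYPTION = {"open", "wep", "wpa-tkip"}  # assumed classification of unsafe modes


@dataclass
class GatewayConfig:
    name: str
    wifi_encryption: str           # e.g. "open", "wep", "wpa-tkip", "wpa2-aes", "wpa3"
    ssid_broadcast: bool           # True if the Wi-Fi network name is advertised
    cloud_management: bool         # vendor cloud "device manager" enrolment enabled
    cloud_management_needed: bool  # operator actually relies on cloud management
    wan_admin_ports: list = field(default_factory=list)  # admin ports reachable from WAN/cellular side


def audit_gateway(cfg: GatewayConfig) -> list:
    """Return a list of (rule, detail) findings; an empty list means the config passes."""
    findings = []
    enc = cfg.wifi_encryption.lower()
    if enc in WEAK_ENCRYPTION:
        findings.append(("unsafe-encryption", f"Wi-Fi uses {enc}; switch to WPA2-AES or WPA3"))
    if cfg.ssid_broadcast:
        findings.append(("ssid-broadcast", "SSID is broadcast; hide the network name"))
    if cfg.cloud_management and not cfg.cloud_management_needed:
        findings.append(("unneeded-cloud-mgmt", "cloud management enabled but not required; disable it"))
    if cfg.wan_admin_ports:
        ports = ", ".join(str(p) for p in cfg.wan_admin_ports)
        findings.append(("internet-exposed-admin", f"management ports {ports} reachable from the WAN side"))
    return findings


# Constructed sample configurations: a weak gateway and its hardened counterpart.
WEAK_GATEWAY = GatewayConfig("plant-gw-01", "wpa-tkip", True, True, False, [22, 443])
HARDENED_GATEWAY = GatewayConfig("plant-gw-01", "wpa2-aes", False, False, False, [])

if __name__ == "__main__":
    for cfg in (WEAK_GATEWAY, HARDENED_GATEWAY):
        print(cfg.name, audit_gateway(cfg) or "OK")
```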
“The low complexity of exploit, combined with the broad potential impact, makes wireless IIoT devices and their cloud-based management platforms an enticing target for attackers looking to breach industrial environments,” said the company.
Additionally, Otorio released information on two severe issues in Siemens Automation License Manager (CVE-2022-43514 and CVE-2022-43513) that, when combined, might lead to privilege escalation and remote code execution. Siemens fixed the flaws in January 2023.