Security researchers at Cisco Talos disclosed that Sealevel had patched many severe vulnerabilities in the SeaConnect 370W Wi-Fi-connected edge device. In Industrial Control System (ICS) contexts, this Internet of Things (IoT) device is used for monitoring real-world I/O processes. The vulnerabilities discovered might be used to run arbitrary code on a susceptible device or perform man-in-the-middle attacks.
Three buffer overflow flaws classified as “critical severity” are the most serious of the newly reported bugs, and they might be used to gain remote code execution on affected systems. Two issues found in the LLMNR and NBNS name resolution services that SeaConnect 370W exposes have a CVSS score of 10. The flaws are categorized as CVE-2021-21960 and CVE-2021-21961.
“The vulnerability occurs when attempting to copy the queried name to a local buffer of fixed size (identified above as name_buffer). The implementation does not conduct any bounds checking prior to copying the data, simply trusting the supplied length field will be accurate and no larger than 32 bytes,” Talos clarifies.
As a result, an attacker may submit a big length value to cause a stack-based buffer overflow, giving them control of the program counter. The attacker can exploit the flaw by sending specially crafted network packets to gain remote code execution (RCE).
The third significant problem, which has a CVSS score of 9.0 and is tagged as CVE-2021-21962, is a heap-based buffer overflow discovered in the SeaConnect 370W’s OTA Update “u-download” capability. An attacker can exploit the issue and execute remote code by sending specially designed MQTT payloads.
Talos also identified that the SeaConnect device is vulnerable to a high-severity vulnerability (CVE-2021-21959) caused by a misconfiguration in the MQTTS capability, which may be used to undertake man-in-the-middle attacks and take control of the device. An attacker who succeeded in mounting a man-in-the-middle attack on the device may subsequently make use of many additional flaws to carry out malicious operations such as file overwrites.
CVE-2021-21967 (CVSS score of 6.5), another vulnerability that may be used to carry out man-in-the-middle attacks, as well as CVE-2021-21964 and CVE-2021-21965 (CVSS score of 8.6), which might be used to create a denial of service (DoS) scenario, were also revealed by Talos. Cisco’s security researchers said they’ve collaborated with Sealevel to verify that all discovered flaws are correctly addressed. Late in January, patches were made available.