A new vulnerability was found by cybersecurity researchers, in systems used across oil and gas organizations. If it were to fall in the wrong hands, this vulnerability could be exploited to inject and execute arbitrary code.

The high-severity issue, tracked as CVE-2022-0902, has received a CVSS score of 8.1 and is a path traversal flaw, first noticed in ABB computers and remote controllers. Flow computers specialize on calculating volume and flow rates for oil and gas that are critical to electric power manufacturing and distribution.

Source

Put simply, the vulnerability identified by Claroty exists in ABB’s implementation of its proprietary Totalflow TCP based protocol, which is utilized to remotely configure the computers.

A malicious actor could potentially exploit this issue and bypass authentication, only to proceed to uploading arbitrary files. Attackers could seize control of the devices and prevent their ability to properly record oil and gas flow rates.

Attackers can exploit this flaw to gain root access on an ABB flow computer, read and write files, and remotely execute code.

Source

The Swedish-Swiss industrial automation company has addressed the issue and released firmware updates.

Consequences of an Attack

Vera Mens, one of Claroty`s researchers, claims that, in the event of a successful exploit of this vulnerability, the company would be greatly affected, from blocking its ability to bill customers to forcing a disruption of services, comparable to the consequences suffered by Colonial Pipeline following its ransomware attack back in 2021. In that instance, the company was forced to shut down after being hit by ransomware in a clear demonstration of the vulnerability of the energy infrastructure when confronted with cyberattacks.

If you liked this article, follow us on LinkedInTwitterFacebookYouTube, and Instagram for more cybersecurity news and topics.





Source link

Previous articleEmail Fraud 2022: Scammers using USA Army Name Exposed by @Digital Sudhir
Next articleMontana Attorney General Warns of Online Dating Scams

LEAVE A REPLY

Please enter your comment!
Please enter your name here