- The cybersecurity research team at Claroty, Team82, has exposed a series of vulnerabilities in popular Operational Technology (OT) protocol clients, namely Inductive Automation Ignition and Softing edgeAggregator, which could be exploited to allow full remote control over the clients.
- Both the mentioned clients are crucial to industrial automation across various sectors, playing key roles in creating and implementing automation systems, and gathering and visualising data.
- Vulnerabilities identified could have serious and far-reaching repercussions, with the exploited features capable of taking total control of both clients.
- The exposed vulnerabilities, CVE-2023-27335, CVE-2023-38126, CVE-2023-38125, CVE-2023-38121, and CVE-2023-38124, have now been rectified by both vendors, who advise users to immediately update their systems.
Security researchers from Team82 at Claroty have identified glaring vulnerabilities in two popular Operational Technology (OT) protocol clients: the Inductive Automation Ignition and Softing edgeAggregator. It was demonstrated that these vulnerabilities could provide attackers with full control over the clients, including the capability for remote code execution. Both Ignition and Softing are heavily deployed in industrial automation across vast sectors.
These OT clients perform vital functions in the creation and implementation of automation systems, as well as data collection and visualisation. Consequently, the exploitation of these capabilities could lead to severe and pervasive impacts. The vulnerabilities were outlined as CVE-2023-27335, CVE-2023-38126, CVE-2023-38125, CVE-2023-38121, and CVE-2023-38124.
The Claroty researchers employed a combination of old and new attack strategies, in turn revealing zero days in both clients by exploiting the OPC UA client’s trust in the data it receives from the OPC UA server. One such vulnerability was found in Inductive Automation’s Ignition, a software platform for industrial automation and control which is deployed across various industrial settings. The Ignition OPC UA client was discovered to possess an inherent Cross-site Scripting (XSS) vulnerability. This vulnerability was then manipulated to enable code execution.
Softing edgeAggregator, which offers a platform for efficient data management capable of handling vast amounts of industrial information from various sources, was found to be prone to a similar XSS attack. Additionally, an insecure backup process on Softing’s server allowed attackers to create random files in arbitrary locations, which could lead to remote code execution.
These findings are concerning for the industries reliant on these systems. Nevertheless, these vulnerabilities have now been addressed by both vendors. Softing and Inductive Automation users are urged to immediately update their installations and apply the necessary patches to protect their systems from these newly discovered vulnerabilities.