Industrial Gateways Vulnerable to Attack

By Josh Balentine on March 2, 2019

This month, researchers with the cybersecurity firm Applied Risk discovered vulnerabilities in the Kunbus PR100088 Modbus gateway that allow attackers to gain control of the device. Modbus gateways are used in industrial environments to connect existing networks and devices running the Modbus serial protocol to an Ethernet network, allowing communication between all devices. The vulnerabilities include improper authentication, password retrieval through man-in-the-middle (MITM) interception, and improper input validation. CVE-2019-6527 describes a flaw where the gateway's web application does not validate whether a user is logged in when processing a password change. Through this vulnerability, an attacker can change the admin’s password, locking the user out and restricting access to the device.

Another vulnerability is that passwords are not encrypted: they are sent to the device for authentication in clear text in an HTTP GET request. As a result, a potential attacker with MITM capabilities can intercept this traffic and obtain users’ passwords. The improper input validation vulnerabilities involve the File Transfer Protocol (FTP), which is used to transfer files between computers and servers on a network. In the first, user input to the FTP service is not properly checked, and if a request with more than 256 characters is sent, an attacker can crash the device, requiring a reboot. In the other FTP-related vulnerability, the credentials used for the gateway are stored in a clear-text XML file that can be accessed through the FTP service.
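For defenders reviewing traffic logs from gateways that have not yet been updated, the following added example (not part of the original article or any vendor tooling) flags two of the conditions described above: secrets carried in GET query strings and FTP control lines longer than 256 characters. The parameter names, function names and sample log lines are assumptions constructed for illustration.

```python
from urllib.parse import parse_qsl, urlsplit

# Assumption: common names for secret-bearing parameters; the article does
# not give the gateway's real parameter names.
SENSITIVE_PARAMS = {"password", "passwd", "pwd", "pass", "newpassword"}
FTP_MAX_LEN = 256  # request length cited in the article


def find_query_string_secrets(request_line):
    """Return sensitive parameter names found in a GET request's query string."""
    parts = request_line.split()
    if len(parts) < 2 or parts[0].upper() != "GET":
        return []
    pairs = parse_qsl(urlsplit(parts[1]).query, keep_blank_values=True)
    return sorted({k for k, _ in pairs if k.lower() in SENSITIVE_PARAMS})


def is_oversized_ftp_command(line):
    """True when an FTP control-channel line is longer than 256 characters."""
    return len(line.rstrip("\r\n")) > FTP_MAX_LEN


def review(http_lines, ftp_lines):
    """Return (kind, line_number, detail) findings without echoing secret values."""
    findings = []
    for n, line in enumerate(http_lines, 1):
        names = find_query_string_secrets(line)
        if names:
            findings.append(("query-string-secret", n, ",".join(names)))
    for n, line in enumerate(ftp_lines, 1):
        if is_oversized_ftp_command(line):
            findings.append(("oversized-ftp-command", n, str(len(line.rstrip("\r\n")))))
    return findings


# Constructed sample log lines, not captured from a real device.
SAMPLE_HTTP = [
    "GET /index.html HTTP/1.1",
    "GET /login?user=admin&password=example-value HTTP/1.1",
    "POST /login HTTP/1.1",
]
SAMPLE_FTP = ["USER operator\r\n", "CWD " + "x" * 300 + "\r\n"]

if __name__ == "__main__":
    for finding in review(SAMPLE_HTTP, SAMPLE_FTP):
        print(finding)
```

The findings report only parameter names and line lengths, so the review output does not itself become another clear-text copy of the credentials.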

Vulnerable Equipment:

  • Kunbus PR100088 Modbus gateway

Vulnerability Overview

  • Improper Authentication: CVE-2019-6527
  • Information Exposure Through Query Strings: CVE-2019-6531
  • Clear Text Storage of Sensitive Information: CVE-2019-6549

Patches and Updates

Kunbus has released patches for these vulnerabilities in security update 1.1.13166.

Sources:

Critical Flaws Allow Hackers to Take Control of Kunbus Industrial Gateway. (n.d.). Retrieved from https://www.securityweek.com/critical-flaws-allow-hackers-take-control-kunbus-industrial-gateway.

Kunbus PR100088 Modbus Gateway (Update B): CISA. (n.d.). Retrieved from https://www.us-cert.gov/ics/advisories/ICSA-19-036-05.

National Institute of Standards and Technology. (n.d.). Retrieved from https://nvd.nist.gov/vuln/detail/CVE-2019-6549.