Kaspersky Lab experts have helped to identify and patch seven previously unknown vulnerabilities in ThingsPro Suite – a software platform installed on Moxa industrial computers, designed to analyze, manage and report on industrial control systems (ICS) processes to system administrators. Some of the vulnerabilities found could potentially allow threat actors to gain highly priviledged access to industrial computers and execute deadly commands. All vulnerabilities identified were reported to and patched by platform developer Moxa.
Industrial computers are crucial elements of any manufacturing system. They monitor and analyze ongoing processes in the network, unify the information and send results to administrators or engineers, simplifying management. Any attempt to compromise such a device could cause extreme difficulties and devastating consequences: from obstructing work and production in an industrial entity, through to the loss of significant funds and large-scale catastrophes affecting entire regions.
With that in mind, it is important for industrial vendors to examine and secure their devices to prevent unwanted security scenarios. Aware of the potential risks, Moxa – a well-known developer of products for industrial systems – partnered with Kaspersky Lab to undertake a vulnerability check of its ThingsPro Suite.
The approach paid off. Within two weeks, Kaspersky Lab security researchers conducted a preconceptual study of the product, testing it for vulnerabilities that could be exploited remotely. As a result, seven zero-day vulnerabilities were found. One of the most severe included the potential to execute any command on the target industrial computer by an attacker. Another vulnerability made it possible for cybercriminals to gain root privileges and take over network administration, providing the ability to change the device’s configurations. Moreover, its exploitation could be automated, meaning that if cybercriminals gained root-access they could automatically infect multiple industrial computers, turning a compromise attempt into a major cyberattack affecting a huge number of industrial enterprises.
“Moxa is a trusted and respected brand within the industrial systems world. However, despite the company’s vast expertise and experience, its new product had a number of vulnerabilities which shows that it is important for even industry leaders to conduct proper cybersecurity tests. We appeal to all ICS-product developers to follow Moxa’s lead and act responsibly, performing regular vulnerability checks and treating the security of solutions for industrial systems as an integral and essential part of development, rather than an afterthought or given no thought at all,” said Alexander Nochvay, security researcher at Kaspersky Lab.
To keep industrial control systems safe, users are advised to:
- Audit access control for ICS components in the enterprise’s industrial network and at its boundaries.
- Deploy dedicated endpoint protection solutions on ICS servers, workstations and HMIs to secure OT and industrial infrastructure from random cyberattacks and network traffic monitoring, analysis and detection solutions for better protection from targeted attacks.
- Provide dedicated training and support for employees as well as partners and suppliers with access to your network.
About Kaspersky Lab
Kaspersky Lab is a global cybersecurity company, which has operated in the market for over 20 years. Kaspersky Lab’s deep threat intelligence and security expertise is constantly transforming into next generation security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky Lab technologies and we help 270,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com
