Hackers have already targeted critical infrastructure, will they have time to implement their insidious plan?
Security experts from Forescout Vedere Labs discovered a set of 21 vulnerabilities in OT / IoT routers of the Canadian company Sierra Wireless, which can lead to remote code execution, unauthorized access, cross-site scripting, authentication bypass and denial-of-service attacks.
These shortcomings affect proprietary AirLink routers and open source components such as TinyXML and OpenNDS. AirLink routers are widely used in industry and mission-critical applications, providing high performance and multi-network connectivity. They are actively used in government systems, emergency services, energy, transport, water supply and sanitation systems, manufacturing and healthcare.
Among the most important vulnerabilities identified by experts, we can mention the following 9:
For at least five of the above vulnerabilities, attackers will not need authentication to successfully exploit them.
According to the researchers, attackers can exploit some of these vulnerabilities to gain full control over the OT / IoT router in mission-critical infrastructure.
A compromise can lead to network failures, allow spying, or move to more important assets and introduce malware.
According to the Shodan scan, more than 86 thousand AirLink routers were found on the Internet, only 9.44% of which were patched to the latest version, where the described vulnerabilities have already been fixed.
The built-in AirLink operating system called ALEOS needs to be updated to version 4.17.0 as soon as possible. The OpenNDS project has also released security updates, and therefore this software also needs to be updated to version 10.1.3. TinyXML, in turn, is a fault-tolerant software, so CVE-2023-40462 fixes will not be released.
Forescout also recommends that you take the following additional steps to enhance security:
You can learn more about all the vulnerabilities and attack principles in the company's technical report. The simultaneous identification of such a large number of vulnerabilities highlights the vulnerability of the network infrastructure, which is used everywhere in all industries, including critical ones.
To protect yourself from hacker attacks, you need to make every effort to comprehensively strengthen the security of your organization.
Security experts from Forescout Vedere Labs discovered a set of 21 vulnerabilities in OT / IoT routers of the Canadian company Sierra Wireless, which can lead to remote code execution, unauthorized access, cross-site scripting, authentication bypass and denial-of-service attacks.
These shortcomings affect proprietary AirLink routers and open source components such as TinyXML and OpenNDS. AirLink routers are widely used in industry and mission-critical applications, providing high performance and multi-network connectivity. They are actively used in government systems, emergency services, energy, transport, water supply and sanitation systems, manufacturing and healthcare.
Among the most important vulnerabilities identified by experts, we can mention the following 9:
- CVE-2023-41101 (remote code execution in OpenDNS, CVSS score 9.6)
- CVE-2023-38316 (remote code execution in OpenDNS, CVSS score 8.8)
- CVE-2023-40463 (unauthorized access to ALEOS, CVSS score 8.1)
- CVE-2023-40464 (unauthorized access to ALEOS, CVSS score 8.1)
- CVE-2023-40461 (cross-site scripting in ACEmanager, CVSS score 8.1)
- CVE-2023-40458 (denial of service in ACEmanager, CVSS score 7.5)
- CVE-2023-40459 (denial of service in ACEmanager, CVSS score 7.5)
- CVE-2023-40462 (TinyXML-related denial of service in ACEmanager, CVSS score 7.5)
- CVE-2023-40460 (cross-site scripting in ACEmanager, CVSS score 7.1)
For at least five of the above vulnerabilities, attackers will not need authentication to successfully exploit them.
According to the researchers, attackers can exploit some of these vulnerabilities to gain full control over the OT / IoT router in mission-critical infrastructure.
A compromise can lead to network failures, allow spying, or move to more important assets and introduce malware.
According to the Shodan scan, more than 86 thousand AirLink routers were found on the Internet, only 9.44% of which were patched to the latest version, where the described vulnerabilities have already been fixed.
The built-in AirLink operating system called ALEOS needs to be updated to version 4.17.0 as soon as possible. The OpenNDS project has also released security updates, and therefore this software also needs to be updated to version 10.1.3. TinyXML, in turn, is a fault-tolerant software, so CVE-2023-40462 fixes will not be released.
Forescout also recommends that you take the following additional steps to enhance security:
- change the default SSL certificates in Sierra wireless routers and similar devices;
- disable or restrict secondary services such as offline portals, Telnet, and SSH;
- implement a web application firewall to protect OT/IoT routers from web vulnerabilities;
- configure IDS to monitor external and internal network traffic for security breaches.
You can learn more about all the vulnerabilities and attack principles in the company's technical report. The simultaneous identification of such a large number of vulnerabilities highlights the vulnerability of the network infrastructure, which is used everywhere in all industries, including critical ones.
To protect yourself from hacker attacks, you need to make every effort to comprehensively strengthen the security of your organization.
