Cybersecurity researchers at OTORIO have discovered critical vulnerabilities in popular industrial remote access systems. Their exploitation makes it possible to deny access to production facilities, hack corporate networks, falsify data and steal confidential information.
Issues were identified in B&R Automation's SiteManager and GateManager, as well as MB Connect Line's mbCONNECT24, popular remote maintenance tools used in the automotive, energy, oil and gas and metals industries to connect to industrial sites from anywhere in the world.
As explained by researchers Nikolay Sokolik and Hay Mizrachi, who discovered the vulnerabilities (CVE-2020-11641, CVE-2020-11642, CVE-2020-11643, CVE-2020-11644, CVE-2020-11645 and CVE-2020-11646), their exploitation allows an authorized attacker with access to the solution through a general license to view confidential information about other users, their assets, and their processes, even if they belong to another organization.
“In addition, hackers can mislead users with fake system messages and warnings. An attacker could also cause both GateManager and SiteManager to reboot, eventually causing production to fail”, the experts said.
The vulnerabilities affect all versions of SiteManager up to 9.2.620236042, GateManager 4260 and 9250 up to 9.0.20262 and GateManager 8250 up to 9.2.620236042.
Three different issues (CVE-2020-24569, CVE-2020-24568, and CVE-2020-24570) were discovered in mymbCONNECT24 and mbCONNECT24 (versions 2.6.1 and earlier) that could allow an authorized attacker to access arbitrary information using SQL injections, steal session data using cross-site request forgery, and execute remote code using a specially crafted link and using obsolete and unused third-party libraries bundled with the software.
The remote code execution vulnerability is the most dangerous, scoring 9.8 on the CVSS scale.