ABB Oil and Gas Flow Computer Hack Can Prevent Utilities From Billing Customers

Oil and gas flow computers and remote controllers made by Swiss industrial technology firm ABB are affected by a serious vulnerability that could allow hackers to cause disruptions and prevent utilities from billing their customers, according to industrial cybersecurity firm Claroty.

Utilities rely on flow computers to calculate oil and gas flow rates and volume. These devices, which are often used in the electric power sector, play an important role in process safety, as well as billing.

Researchers at Claroty showed how an attacker with access to a targeted flow computer can bypass authentication using a brute-force attack, and then exploit a path traversal vulnerability to read the device’s shadow password file to obtain its root account password. The same vulnerability can be used to modify the SSH configuration file to enable password authentication and allow the attacker to access the device with root privileges.

This entire exploit chain can allow a remote, unauthenticated attacker to execute arbitrary code with root privileges. The hacker can take complete control of the device and disrupt its ability to measure oil and gas flow, which can prevent the victim from billing customers.
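For defenders, the SSH configuration change described above is something an integrity check can catch. The following is an added example, not code from Claroty or ABB: it audits the text of an `sshd_config` file using OpenSSH's rule that the first value seen for a keyword wins, so an enabling line inserted above the original hardening line is flagged even though the hardening line is still present. The sample files are constructed, the defaults are stock OpenSSH's (a vendor build may differ), and `Include` files are not followed.

```python
import re

# OpenSSH built-in defaults when a keyword is absent (assumed stock build).
DEFAULTS = {"passwordauthentication": "yes", "permitrootlogin": "prohibit-password"}

def parse(text):
    """Return ({keyword: (line_no, value)}, [(line_no, match_cond, keyword, value)])."""
    first_seen, match_overrides, match_cond = {}, [], None
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and argument are separated by whitespace or a single '='.
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        key = parts[0].lower()                      # keywords are case-insensitive
        value = parts[1].strip().strip('"').lower() if len(parts) > 1 else ""
        if key == "match":
            match_cond = value                      # later lines are conditional
        elif key in DEFAULTS:
            if match_cond is not None:
                match_overrides.append((line_no, match_cond, key, value))
            elif key not in first_seen:             # sshd keeps the FIRST value
                first_seen[key] = (line_no, value)
    return first_seen, match_overrides

def audit(text):
    """Return findings as (line_no or None, message) tuples; empty means clean."""
    first_seen, match_overrides = parse(text)
    eff = {k: first_seen.get(k, (None, d)) for k, d in DEFAULTS.items()}
    findings = []
    pw_line, pw = eff["passwordauthentication"]
    root_line, root = eff["permitrootlogin"]
    if pw == "yes":
        findings.append((pw_line, "password authentication is enabled"))
        if root == "yes":
            findings.append((root_line, "root may log in with a password"))
    for line_no, cond, key, value in match_overrides:
        if value == "yes":
            findings.append((line_no, f"{key} yes under 'match {cond}'"))
    return findings

# Constructed sample files: a hardened baseline and a tampered copy in which
# the enabling lines were inserted ABOVE the original hardening lines.
BASELINE = "Port 22\nPasswordAuthentication no\nPermitRootLogin prohibit-password\n"
TAMPERED = "PasswordAuthentication yes\nPermitRootLogin yes\n" + BASELINE

if __name__ == "__main__":
    for name, cfg in (("baseline", BASELINE), ("tampered", TAMPERED)):
        print(name, audit(cfg))
```

A check that only searches for the string `PasswordAuthentication no` would pass the tampered file; comparing a hash of the file against a known-good copy catches any modification, and this audit explains which line changed the effective setting.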

One perfect example of the importance of billing systems is provided by the 2021 Colonial Pipeline ransomware attack, where the company reportedly halted operations not because the hackers hit operational technology (OT) systems, but because its billing system was compromised.

Claroty reported its findings to ABB, which announced the release of firmware patches for affected products in July. The path traversal vulnerability is tracked as CVE-2022-0902 and it has been assigned a ‘high severity’ rating.

ABB has determined that its XFC G5 and uFLO G5 flow computers, RMC-100, XRC G5, and XIO remote controllers, as well as the Totalflow Universal Data Controller (UDC) are impacted. The vendor said in its July advisory that it was not aware of any attacks exploiting the vulnerability.

Claroty has published a blog post detailing its research, as well as a video showing how an attacker could hack a device.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
