Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

ICS/OT

Attackers Exploit Flaw in Software Used by US Ports

An application used in the transportation sector worldwide is plagued by a high severity SQL injection vulnerability. The hacker who discovered the issue released a proof-of-concept (PoC) exploit without informing the vendor and ICS-CERT says the flaw has already been exploited against organizations in the United States.

An application used in the transportation sector worldwide is plagued by a high severity SQL injection vulnerability. The hacker who discovered the issue released a proof-of-concept (PoC) exploit without informing the vendor and ICS-CERT says the flaw has already been exploited against organizations in the United States.

The vulnerable application is Navis WebAccess, a web-based app that provides transport operators real-time access to operational logistics information.

A hacker who uses the online moniker “bRpsd” discovered that the product’s publicly accessible news pages are plagued by a SQL injection vulnerability (CVE-2016-5817) that allows a remote attacker to read or modify data stored in the application’s SQL database.

Navis, a subsidiary of Cargotec Corporation, learned about the vulnerability on August 9, one day after the hacker published the PoC exploit. Custom patches for this flaw were released by the vendor on August 10.

Navis WebAccess is a legacy product that is used by only 13 organizations around the world, including five in the United States. An online search conducted by SecurityWeek shows that the application is present on the websites of the Georgia Ports Authority, the Port of Virginia, Port of Houston Authority, and Ports America. WebAccess is also accessible on the website of a port in India.

ICS Cyber Security ConferenceAccording to ICS-CERT, the vendor has contacted all the affected customers and the patches have been applied by all customers in the United States. However, the agency pointed out that the vulnerability has been exploited against multiple US-based organizations, resulting in data loss.

Since transportation systems is one of the 16 critical infrastructure sectors, ICS-CERT has published a security alert to warn the critical infrastructure community in the U.S., and provide indicators of compromise (IoC) and mitigation advice.

The vulnerability has been assigned an NCCIC Cyber Incident Scoring System (NCISS) rating of “low,” which indicates that the issue is unlikely to have an impact on public health or safety, national security, economic security, foreign relations, civil liberties, or public confidence.

The Zone-H defacement database shows that the hacker bRpsd has defaced more than 1,200 random websites since mid-2014. He has also published exploits for a handful of applications.

Related: Learn More at SecurityWeek’s 2016 ICS Cyber Security Conference

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

ICS/OT

Otorio has released a free tool that organizations can use to detect and address issues related to DCOM authentication.

ICS/OT

Vulnerabilities in GE’s Proficy Historian product could be exploited for espionage and to cause damage and disruption in industrial environments.

ICS/OT

A hacktivist group has made bold claims regarding an attack on an ICS device, but industry professionals have questioned their claims.

Cybersecurity Funding

Internet of Things (IoT) and Industrial IoT security provider Shield-IoT this week announced that it has closed a $7.4 million Series A funding round,...

ICS/OT

Vulnerabilities in industrial routers made by InHand Networks could allow hackers to bypass security systems and gain access to OT networks.

ICS/OT

Organizations using controllers made by Rockwell Automation have been informed recently about several potentially serious vulnerabilities.

ICS/OT

Researchers have demonstrated that threat actors could obtain global private keys that protect some of Siemens’ industrial devices, and the vendor says it cannot...