Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

ICS/OT

CISA Warns of PoC Exploit for Vulnerability in RAD SecFlow-2 Industrial Switch

CISA has notified RAD after finding a PoC exploit targeting a high-severity vulnerability in an outdated industrial switch.

The US cybersecurity agency CISA on Tuesday released an ICS advisory to notify organizations about a high-severity vulnerability found in an outdated industrial switch made by Israel-based networking equipment manufacturer RAD Data Communications.

The agency recently discovered a publicly available proof-of-concept (PoC) exploit targeting a path traversal vulnerability in RAD’s SecFlow-2 ruggedized switch/router, which is designed for harsh industrial environments.

The flaw has been assigned the identifier CVE-2019-6268, but no information appears to have been publicly available until early March 2024, when someone released technical details and a PoC on the Packet Storm website.

“RAD SecFlow-2 devices with hardware 0202, firmware 4.1.01.63, and U-Boot 2010.12 allow URIs beginning with /.. for directory traversal, as demonstrated by reading /etc / shadow,” reads the description posted on Packet Storm for CVE-2019-6268.

It adds, “[An] unauthorized attacker can create a crafted request to obtain any file from the operating system (password hashes).”

Vulnerabilities related to the exposure of passwords can pose a significant risk to ICS and other OT systems. SecurityWeek recently spoke to multiple experts about the prevalence of such flaws and their potential impact.

CISA informed RAD about the vulnerability after finding the PoC, but the SecFlow-2 product has reached end of life (EOL) and the vendor has advised customers to upgrade their devices to the newer SecFlow-1p industrial IoT gateway.

In addition, the cybersecurity agency has provided some general recommendations to reduce the risk of malicious exploitation. 

Advertisement. Scroll to continue reading.

CISA says the impacted product is used worldwide in the communications sector.

Learn More at SecurityWeek’s ICS Cybersecurity Conference
The leading global conference series for Operations, Control Systems and OT/IT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.
ICS Cybersecurity Conference
October 21-24, 2024 | Atlanta
www.icscybersecurityconference.com

Related: Rockwell Automation Patches High-Severity Vulnerabilities in FactoryTalk View SE

Related: ICS Patch Tuesday: Advisories Published by Siemens, Schneider Electric, Aveva, CISA

Related: Cisco Finds 15 Vulnerabilities in AutomationDirect PLCs

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn how to utilize tools, controls, and design models needed to properly secure cloud environments.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

SaaS security company AppOmni has hired Joel Wallenstrom as its General Manager.

FTI Consulting has appointed Brett Callow as Managing Director in its Cybersecurity & Data Privacy Communications practice.

Mobile security firm Zimperium has welcomed David Natker as its VP of Global Partners and Alliances.

More People On The Move

Expert Insights