Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

ICS/OT

Critical Vulnerabilities Found in Sealevel Device Used in ICS Environments

Cisco’s Talos security researchers have published details on a series of critical vulnerabilities that Sealevel has addressed in the SeaConnect 370W WiFi-connected edge device.

Cisco’s Talos security researchers have published details on a series of critical vulnerabilities that Sealevel has addressed in the SeaConnect 370W WiFi-connected edge device.

The internet of things (IoT) device is used in industrial control system (ICS) environments for the monitoring of real-world I/O processes. The identified bugs could be exploited to execute arbitrary code on a vulnerable device, or to perform man-in-the-middle attacks.

The most severe of the newly disclosed bugs are three buffer overflow issues rated “critical severity,” which could be exploited to achieve remote code execution on vulnerable devices.

With a CVSS score of 10, two of the flaws were identified in the LLMNR and NBNS name resolution services that SeaConnect 370W exposes. The bugs are tracked as CVE-2021-21960 and CVE-2021-21961.

“The vulnerability occurs when attempting to copy the queried name to a local buffer of fixed size (identified above as name_buffer). The implementation does not conduct any bounds checking prior to copying the data, simply trusting the supplied length field will be accurate and no larger than 32 bytes,” Talos explains.

[READ: Serious Vulnerabilities Found in Wi-Fi Module for Critical Industrial Applications]

Thus, an attacker can supply a significantly large length value to trigger a stack-based buffer overflow, which would provide them with control of the program counter, Talos says. The attacker can trigger the issue using crafted network packets, achieving remote code execution.

Featuring a CVSS score of 9.0 and tracked as CVE-2021-21962, the third critical bug is a heap-based buffer overflow identified in the OTA Update “u-download” functionality of SeaConnect 370W. An attacker can use specially-crafted MQTT payloads to exploit the flaw and achieve remote code execution.

Advertisement. Scroll to continue reading.

Talos also discovered that the SeaConnect device is impacted by a high-severity vulnerability (CVE-2021-21959) that exists because of a misconfiguration in the MQTTS functionality, and which could be exploited to perform man-in-the-middle attacks and control the device’s functionality.

An attacker able to mount a man-in-the-middle attack against the device could then exploit a series of other vulnerabilities to perform malicious actions, such as file overwrites.

Talos also disclosed information on CVE-2021-21967 (CVSS score of 6.5), another vulnerability that can be exploited to carry out man-in-the-middle attacks, as well as CVE-2021-21964 and CVE-2021-21965 (CVSS score of 8.6), which could be exploited to cause a denial of service (DoS) condition.

Cisco’s security researchers note that they have worked with Sealevel to ensure that all of the identified vulnerabilities are correctly resolved. Patches were released in late January.

Related: Vulnerabilities Can Allow Hackers to Tamper With Walk-Through Metal Detectors

Related: CODESYS Patches Dozen Vulnerabilities in Industrial Automation Products

Related: Cisco Discloses Details of Critical Advantech Router Tool Vulnerabilities

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

Stephanie Crowe has been appointed head of the Australian Cyber Security Centre (ACSC).

Cloud security giant Wiz has named Fazal Merchant as President and Chief Financial Officer.

Cybersecurity and data protection company Acronis has appointed Gerald Beuchelt as CISO.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.