Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

ICS/OT

Critical Vulnerabilities Found in Sealevel Device Used in ICS Environments

Cisco’s Talos security researchers have published details on a series of critical vulnerabilities that Sealevel has addressed in the SeaConnect 370W WiFi-connected edge device.

Cisco’s Talos security researchers have published details on a series of critical vulnerabilities that Sealevel has addressed in the SeaConnect 370W WiFi-connected edge device.

The internet of things (IoT) device is used in industrial control system (ICS) environments for the monitoring of real-world I/O processes. The identified bugs could be exploited to execute arbitrary code on a vulnerable device, or to perform man-in-the-middle attacks.

The most severe of the newly disclosed bugs are three buffer overflow issues rated “critical severity,” which could be exploited to achieve remote code execution on vulnerable devices.

With a CVSS score of 10, two of the flaws were identified in the LLMNR and NBNS name resolution services that SeaConnect 370W exposes. The bugs are tracked as CVE-2021-21960 and CVE-2021-21961.

“The vulnerability occurs when attempting to copy the queried name to a local buffer of fixed size (identified above as name_buffer). The implementation does not conduct any bounds checking prior to copying the data, simply trusting the supplied length field will be accurate and no larger than 32 bytes,” Talos explains.

[READ: Serious Vulnerabilities Found in Wi-Fi Module for Critical Industrial Applications]

Thus, an attacker can supply a significantly large length value to trigger a stack-based buffer overflow, which would provide them with control of the program counter, Talos says. The attacker can trigger the issue using crafted network packets, achieving remote code execution.

Featuring a CVSS score of 9.0 and tracked as CVE-2021-21962, the third critical bug is a heap-based buffer overflow identified in the OTA Update “u-download” functionality of SeaConnect 370W. An attacker can use specially-crafted MQTT payloads to exploit the flaw and achieve remote code execution.

Talos also discovered that the SeaConnect device is impacted by a high-severity vulnerability (CVE-2021-21959) that exists because of a misconfiguration in the MQTTS functionality, and which could be exploited to perform man-in-the-middle attacks and control the device’s functionality.

An attacker able to mount a man-in-the-middle attack against the device could then exploit a series of other vulnerabilities to perform malicious actions, such as file overwrites.

Talos also disclosed information on CVE-2021-21967 (CVSS score of 6.5), another vulnerability that can be exploited to carry out man-in-the-middle attacks, as well as CVE-2021-21964 and CVE-2021-21965 (CVSS score of 8.6), which could be exploited to cause a denial of service (DoS) condition.

Cisco’s security researchers note that they have worked with Sealevel to ensure that all of the identified vulnerabilities are correctly resolved. Patches were released in late January.

Related: Vulnerabilities Can Allow Hackers to Tamper With Walk-Through Metal Detectors

Related: CODESYS Patches Dozen Vulnerabilities in Industrial Automation Products

Related: Cisco Discloses Details of Critical Advantech Router Tool Vulnerabilities

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Expert Insights

Related Content

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Email Security

Microsoft is urging customers to install the latest Exchange Server updates and harden their environments to prevent malicious attacks.

Vulnerabilities

Security researchers have observed an uptick in attacks targeting CVE-2021-35394, an RCE vulnerability in Realtek Jungle SDK.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

ICS/OT

Otorio has released a free tool that organizations can use to detect and address issues related to DCOM authentication.