Now on Demand: Threat Detection and Incident Response (TDIR) Summit - All Sessions Available
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

SMA Technologies Patches Critical Security Issue in Workload Automation Solution

A critical vulnerability in the SMA Technologies OpCon UNIX agent results in the same SSH key being deployed with all installations.

Aimed at financial institutions and insurance firms, OpCon is a cross-platform process automation and orchestration solution that can be used for the management of workloads across business-critical operations.

A critical vulnerability in the SMA Technologies OpCon UNIX agent results in the same SSH key being deployed with all installations.

Aimed at financial institutions and insurance firms, OpCon is a cross-platform process automation and orchestration solution that can be used for the management of workloads across business-critical operations.

Tracked as CVE-2022-2154, the issue results in the same SSH key being delivered on every installation and subsequent updates, the CERT Coordination Center (CERT/CC) at Carnegie Mellon University explains in an advisory.

The SSH public key is added to the root account’s authorized_keys file during the agent’s installation, and the entry remains there even after the OpCon software has been removed.

The installation files also include a corresponding, unencrypted private key named “sma_id_rsa.”

“An attacker with access to the private key included with the OpCon UNIX agent installation files can gain SSH access as root on affected systems,” CERT/CC noted.

The bug impacts version 21.2 and earlier of the OpCon UNIX agent. SMA Technologies, which was informed of the security issue in March, told CERT/CC that it has already updated the version 21.2 package to remove the vulnerability.

“We have analyzed the reported vulnerability and have created a utility that can be applied to remove the vulnerability from affected systems. The utility should be run as soon as possible to all UNIX/Linux/AIX systems using the OpCon UNIX agent to prevent any potential exploitation,” the company said.

Advertisement. Scroll to continue reading.

SMA says its removal tool checks the authorized_keys file for the vulnerable SSH key and moves it from there, while informing the user that it has found and removed it. It also removes the vulnerable public and private keys from other folders where they might reside.

The issue can also be addressed by manually removing the SSH key entry from root’s authorized_keys file, CERT/CC notes.

Related: Cisco Patches Critical Vulnerability in Email Security Appliance

Related: ‘Follina’ Vulnerability Exploited to Deliver Qbot, AsyncRAT, Other Malware

Related: Critical U-Boot Vulnerability Allows Rooting of Embedded Systems

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

People on the Move

Wendy Zheng named as CFO and Joe Diamond as CMO at cyber asset management firm Axonius.

Intelligent document processing company ABBYY has hired Clayton C. Peddy as CISO.

Digital executive protection services provider BlackCloak has appointed Ryan Black as CISO.

More People On The Move

Expert Insights