Teltonika Vulnerabilities Could Expose Thousands of Industrial Organizations to Remote Attacks

Critical vulnerabilities found in Teltonika products by industrial cybersecurity firms Otorio and Claroty expose thousands of internet-exposed devices to attacks.

Researchers at industrial cybersecurity companies Otorio and Claroty have teamed up to conduct a detailed analysis of products made by Teltonika and found potentially serious vulnerabilities that can expose many organizations to remote hacker attacks.

Teltonika Networks is a Lithuania-based company that makes LTE routers, gateways, modems and other networking solutions that are used worldwide in the industrial, energy, utilities, smart city, transportation, enterprise, and retail sectors.

Researchers at Otorio and Claroty have analyzed the company’s RUT241 and RUT955 cellular routers, as well as the Teltonika Remote Management System (RMS), a platform that can be deployed on-premises or in the cloud for monitoring and managing connected devices. 

The research resulted in the discovery of eight types of security holes, which the US Cybersecurity and Infrastructure Security Agency (CISA) described briefly in an advisory published on May 11. 

The vendor has been notified and it has released patches for both the RMS platform and the RUT routers. 

Otorio and Claroty on Monday released their own blog post providing a more detailed description of the findings. 

The RMS vulnerabilities can be exploited for arbitrary code or command execution with elevated privileges, obtaining information, and routing a connection to a remote server. The router vulnerabilities allow arbitrary code or command execution. 

“Some of our vulnerabilities and [exploit] chains do not require any permission/credentials for the devices,” explained Noam Moshe, vulnerability researcher at Claroty. “Currently, thousands of devices are internet-facing (meaning they are accessible from the internet), and some of the vulnerabilities are exploitable from the internet. In addition, some of our chains allow us to attack devices that may not be internet-facing by gaining access to the cloud-based management platform.”

Moshe told SecurityWeek that 4G routers are typically used to connect remote IIoT/IoT sites or devices to the internet and — by exploiting vulnerabilities in these routers — attackers might be able to gain access to the internal network connected to the targeted device. 

“This means that attackers would be able to access thousands of organizations’ internal IIoT/IoT networks, vulnerable devices, internal services, etc.,” Moshe said.

Eran Jacob, security research team leader at Otorio, believes thousands of industrial environments worldwide are exposed to attacks due to these vulnerabilities. 

“These routers are typically connected directly to internal industrial environments and OT devices (vulnerable by design), amplifying the potential consequences,” Jacob told SecurityWeek.

Copyright © 2024 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.