Vulnerabilities in PiiGAB Product Could Expose Industrial Organizations to Attacks

Potentially serious vulnerabilities discovered by researchers in a PiiGAB product could expose industrial organizations to remote hacker attacks.

PiiGAB is a Sweden-based company that provides industrial and building automation hardware and software solutions. 

Researchers Floris Hendriks and Jeroen Wijenbergh conducted an in-depth security assessment of PiiGAB’s M-Bus 900s gateway/converter as part of their master’s in cybersecurity at Radboud University in the Netherlands. The product is designed for the remote monitoring of devices using the M-Bus protocol. 

“For example, the device is connected to electricity meters, water meters but also heat pumps, cooling units and PLC devices. This means that this product can be used to communicate with a large ecosystem of ICS devices,” the researchers told SecurityWeek.

The US Cybersecurity and Infrastructure Security Agency (CISA) on Thursday published an advisory describing the vulnerabilities discovered by Hendriks and Wijenbergh in the PiiGAB product.

The vendor has been notified and it has released updates that should address the security holes. 

According to the CISA advisory, the two researchers discovered nine types of vulnerabilities, including code injection, login attempt rate limiting, hardcoded and plaintext credentials, weak password, cross-site scripting (XSS), and cross-site request forgery (CSRF) issues. 

An attacker could exploit the flaws to execute arbitrary commands, launch brute-force attacks, obtain access to the system, gain elevated privileges, and trick legitimate users into executing malicious commands. A majority of the flaws have been assigned ‘critical’ or ‘high’ severity ratings. 

“Some of the vulnerabilities do not require privileges,” the researchers explained. “For example, initially it was possible to brute force the login credentials or bypass authentication using cross site request forgeries. Other vulnerabilities, such as the code injection, can only be exploited with low privileges.”

Exploitation of the vulnerabilities against an industrial organization could have serious consequences.

“As these devices are connected to industrial control systems such as PLCs, sensors and actuators, hacking them can have significant impact on the industrial processes,” Hendriks and Jeroen Wijenbergh said. “Using the exploits, an attacker is able to remotely gain (root) control over the PiiGAB device. Consequently, an attacker can, for example, conduct network pivoting, which allows an attacker to gain access to the local industrial network.” 

“Moreover, it is also possible to monitor the network to eavesdrop credentials used for accessing other systems. Lastly, denial of service attacks and confidential data exfiltration can be conducted as well,” they added.

A Shodan search shows more than 600 internet-exposed instances of PiiGAB M-Bus, which could be vulnerable to remote attacks launched directly from the web. However, the researchers pointed out that some organizations use VPNs to mitigate potential attacks from the outside. 

“We think that this is a good way to harden the security. However, we would like to stress that the software should be secure and a VPN should be seen as a second factor,” the researchers noted. 

The Shodan search shows that the internet-exposed devices are mainly located in Sweden, as well as a few other Nordic countries, but CISA’s advisory says the impacted product is used worldwide in the energy sector. 

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
