Several vulnerabilities discovered by a researcher from industrial cybersecurity firm TXOne Networks in a Weintek product could have been exploited to manipulate and damage industrial control systems (ICS).
The security holes impact Taiwan-based Weintek’s Weincloud, a cloud-based product designed for remotely managing human-machine interfaces (HMIs) and operations.
According to CISA, which recently published an advisory to inform organizations about these vulnerabilities, the affected product is used by organizations worldwide, particularly in the critical manufacturing sector.
The vulnerabilities were patched by Weintek with an account API update and no action is required from users. Hank Chen, the TXOne researcher credited for finding the flaws, has confirmed for SecurityWeek that exploitation no longer appears possible.
Four types of security holes have been found in Weintek Weincloud, three of which have been assigned ‘high severity’ ratings.
One of them could have been exploited to reset an account’s password by using the corresponding JWT token. Another issue could have been leveraged to log in with testing credentials to the official website by abusing the registration functionality. The third high-severity flaw could be used to cause a DoS condition.
The fourth issue, classified as ‘medium severity’, could have been exploited for brute-force attacks.
Chen told SecurityWeek that under specific — but commonly found — circumstances an attacker could have exploited the vulnerabilities to take complete control of Weincloud instances. Since this is a cloud-based product, remote exploitation from the internet was possible.
“Attackers gain the ability to transfer control of HMIs from the compromised account to their own accounts. Once they gain control of the HMIs, they can manipulate them to control PLCs (programmable logic controllers) and damage field devices,” the researcher explained.
Chen pointed out that these types of vulnerabilities are not specific to Weintek products. TXOne researchers have identified other cloud-based ICS products that are vulnerable to the same type of attacks.
TXOne is presenting its research at the ICS Village at DEF CON 31 next month.
“We want to emphasize the increasing trend of ICS solutions and applications migrating to the cloud, which brings along diverse security concerns similar to those addressed in this [CISA] advisory,” Chen said.