Tag Archive for: Remote

Iagona ScrutisWeb Vulnerabilities Could Expose ATMs to Remote Hacking

/in


Several vulnerabilities discovered in the ScrutisWeb ATM fleet monitoring software made by French company Iagona could be exploited to remotely hack ATMs. 

The security holes were discovered by Synack Red Team members and they were patched by the vendor in July 2023 with the release of ScrutisWeb version 2.1.38. 

ScrutisWeb allows organizations to monitor banking or retail ATM fleets from a web browser, enabling them to quickly respond to problems. The solution can be used to monitor hardware, reboot or shut down a terminal, send and receive files, and modify data remotely. It’s worth noting that ATM fleets can include check deposit machines and payment terminals in a restaurant chain. 

The Synack researchers identified four types of vulnerabilities that have been assigned the CVE identifiers CVE-2023-33871, CVE-2023-38257, CVE-2023-35763 and CVE-2023-35189. 

The flaws include path traversal, authorization bypass, hardcoded cryptographic key, and arbitrary file upload issues that can be exploited by remote, unauthenticated attackers.

Threat actors could exploit the flaws to obtain data from the server (configurations, logs and databases), execute arbitrary commands, and obtain encrypted administrator passwords and decrypt them using a hardcoded key. 

The researchers said an attacker can leverage the flaws to log into the ScrutisWeb management console as an admin and monitor the activities of connected ATMs, enable management mode on the devices, upload files, and reboot or power them off.

Advertisement. Scroll to continue reading.

Hackers could also exploit the remote command execution vulnerability to hide their tracks by deleting relevant files.

“Additional exploitation from this foothold in the client’s infrastructure could occur, making this an internet-facing pivot point for a malicious actor,” explained Neil Graves, one of the researchers involved in this project.

“Further examination would be required to determine if custom software could be uploaded to individual ATMs to perform bank card exfiltration, Swift transfer redirection, or other malicious activities. However, such additional testing was out of scope of the assessment,” Graves said.

The US…

Source…

Netgear Routers’ Flaws Expose Users to Malware, Remote Attacks, and Surveillance

/in


May 12, 2023Ravie LakshmananNetwork Security / Malware

Netgear

As many as five security flaws have been disclosed in Netgear RAX30 routers that could be chained to bypass authentication and achieve remote code execution.

“Successful exploits could allow attackers to monitor users’ internet activity, hijack internet connections, and redirect traffic to malicious websites or inject malware into network traffic,” Claroty security researcher Uri Katz said in a report.

Additionally, a network-adjacent threat actor could also weaponize the flaws to access and control networked smart devices like security cameras, thermostats, smart locks; tamper with router settings, and even use a compromised network to launch attacks against other devices or networks.

Cybersecurity

The list of flaws, which were demonstrated at the Pwn2Own hacking competition held at Toronto in December 2022, is as follows –

  • CVE-2023-27357 (CVSS score: 6.5) – Missing Authentication Information Disclosure Vulnerability
  • CVE-2023-27368 (CVSS score: 8.8) – Stack-based Buffer Overflow Authentication Bypass Vulnerability
  • CVE-2023-27369 (CVSS score: 8.8) – Stack-based Buffer Overflow Authentication Bypass Vulnerability
  • CVE-2023-27370 (CVSS score: 5.7) – Device Configuration Cleartext Storage Information Disclosure Vulnerability
  • CVE-2023-27367 (CVSS score: 8.0) – Command Injection Remote Code Execution Vulnerability
Netgear

A proof-of-concept (PoC) exploit chain illustrated by the industrial cybersecurity firm shows that it’s possible to string the flaws — CVE-2023-27357, CVE-2023-27369, CVE-2023-27368, CVE-2023-27370, and CVE-2023-27367 (in that order) — to extract the device serial number and ultimately obtain root access to it.

UPCOMING WEBINAR

Learn to Stop Ransomware with Real-Time Protection

Join our webinar and learn how to stop ransomware attacks in their tracks with real-time MFA and service account protection.

Save My Seat!

“These five CVEs can be chained together to compromise affected RAX30 routers, the most severe of which enable pre-authentication remote code execution on the device,” Katz noted.

Users of Netgear RAX30 routers are advised to update to firmware version 1.0.10.94 released by the networking company on April 7, 2023, to…

Source…

FDA, CISA: Illumina Medical Devices Vulnerable to Remote Hacking

/in


The US government is notifying healthcare providers and lab personnel about a component used by several Illumina medical devices being affected by serious vulnerabilities that can allow remote hacking.

On Thursday, the Cybersecurity and Infrastructure Security Agency (CISA) and the Food and Drug Administration (FDA) issued public notifications to inform organizations about the vulnerabilities affecting the Universal Copy Service (UCS) component used by several of Illumina’s genetic sequencing instruments. 

The vendor has released patches and mitigations, and published its own advisory to inform customers about the steps they have to take to prevent potential exploitation. 

The FDA said it was not aware of any attacks exploiting the vulnerabilities in the wild, but warned that a hacker could exploit them to remotely take control of a device, or to alter configurations, settings, software or data on the device or the user’s network. 

The FDA also warned that exploitation of the vulnerabilities could also impact “genomic data results in the instruments intended for clinical diagnosis, including causing the instruments to provide no results, incorrect results, altered results, or a potential data breach”.

CISA’s advisory reveals that Illumina Universal Copy Service is affected by a critical vulnerability, tracked as CVE-2023-1968, related to binding to an unrestricted IP, which can allow an unauthenticated attacker to abuse the component to listen on all IPs, including ones that accept remote connections.

The second flaw, CVE-2023-1966, is related to unnecessary privileges that can allow an unauthenticated hacker to remotely upload and execute code at the OS level.

Illumina’s iScan, iSeq, MiniSeq, MiSeq, MiSeqDx, NextSeq, and NovaSeq products are affected by the vulnerabilities. These products, used worldwide in the healthcare sector, are designed for clinical diagnostic use in sequencing a person’s DNA for various genetic conditions or for research purposes.

“On April 5, 2023, Illumina sent notifications to affected customers instructing them to check their instruments and medical devices for signs of potential exploitation of the vulnerability,” the FDA said in…

Source…

Unpatched Econolite Traffic Controller Vulnerabilities Allow Remote Hacking

/in


A researcher has discovered two potentially serious vulnerabilities affecting Econolite traffic controllers. Exploitation of the security flaws can have serious real-world impact, but they remain unpatched. 

Cyber offensive researcher Rustam Amin informed the US Cybersecurity and Infrastructure Security Agency (CISA) that he had identified critical and high-severity vulnerabilities in Econolite EOS, a traffic controller software developed for the Econolite Cobalt and other advanced transportation controllers (ATC).

The California-based vendor’s website says it has deployed more than 360 systems, 150,000 traffic cabinets, 120,000 traffic controllers, and over 160,000 sensors. In December 2022, the company reported reaching more than 10,000 installations of its EOS software. 

Amin discovered two types of vulnerabilities. One, rated ‘critical severity’ and tracked as CVE-2023-0452, has been described by CISA as an issue related to the use of a weak algorithm for hashing privileged user credentials. 

“A configuration file that is accessible without authentication uses MD5 hashes for encrypting credentials, including those of administrators and technicians,” CISA said in its advisory.

The second issue, tracked as CVE-2023-0452 and rated ‘high severity’, is an improper access control issue. An attacker can view log, database and configuration files that can contain username and password hashes for users, including administrators and technicians. 

These vulnerabilities can allow a remote, unauthenticated attacker to gain full control of traffic control functions. 

Amin has conducted an internet search to see how many EOS systems are exposed to attacks from the web. He told SecurityWeek that he identified roughly 50 exposed controllers that are running older firmware. These systems are not affected by the flaws he discovered, but they are still not secure. 

In addition, he discovered approximately 30 controllers running 2018-2020 versions of the EOS software and these systems are vulnerable to remote attacks.

He also found roughly 500 instances of associated devices that can be found in the affected controllers’ proximity, including routers and cameras, which…

Source…