Discovered - High Risk Vulnerabilities Affecting A Leading Building Management System

Uploaded on 2023-07-07 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Consulting, BUSINESS-Production-Manufacturing

An independent cyber security consultancy, Prism Infosec,  has recently announced that it has identified two high risk vulnerabilities within the Aspect Control Engine Building Management System (BMS) developed by the major international process, design and automation company, ABB.   

The two vulnerabilities affect versions prior to 3.07.01 and could result in remote code execution (RCE), and privilege escalation within the Aspect Control Engine software, potentially giving an attacker complete control over the BMS. 

Both have been reported and logged as Common Vulnerabilities and Exposures (CVEs). ABB’s Aspect BMS enables users to monitor a building’s performance and combines real-time integrated control, supervision, data logging, alarming, scheduling and network management functions with Internet connectivity and web serving capabilities. 

Consequently, users can view system status, override setpoints and schedules, and more over desktop, laptop or mobile phone devices.

During a recent security testing engagement on behalf of a client, Prism Infosec discovered an ABB Aspect appliance and that the BMS was misconfigured to be publicly available over the internet. Usually such administrative interfaces should not be made externally accessible and in instances where this cannot be avoided a secondary layer of authentication should be used, such as VPN or IP address whitelisting together with further access controls such as multi-factor authentication (MFA). 

The Prism Infosec team gained initial access to the administrative interface by using the default credentials documented in the Aspect Control Engine’s publicly available user manual. The team then found that the Network Diagnostic function of the Aspect appliance was vulnerable to RCE which allowed them to gain access via a reverse-shell to the underlying Linux Operating System and associated internal network infrastructure. 

Once initial access was achieved, a check against the privileges revealed that the software was running as the ‘Apache’ user, a relatively low-level user with limited functionality. The Prism Infosec team then identified an unintended privilege escalation vulnerability, built into the underlying operating system of the ABB appliance, which would allow the user to escalate their access privileges to a root level account.

“We made the client aware of our findings and disclosed the software vulnerabilities to ABB shortly after. It was impressive how quickly both parties acknowledged and acted upon these issues, from the client ensuring these levels of access were disabled to ABB patching and releasing an update and advisory to their clients" commnented Phil Robinson, Principal Consultant and Founder of Prism Infosec

“It goes to show how well responsible disclosure can work when consultants and vendors are both on the same page and put security first,” Robinson added

You Might Also Read:  

The Need For OT-centric Cyber Security Strategies:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

 

Cyber Security Intelligence: Captured Organised & Accessible

 

 

 

« The Netherlands To Restrict Computer Chip Equipment Exports To China
Malvertising Proliferates As Half Of Online Ads Are Now AI Generated  »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Cleo

Cleo

Cleo is a leader in secure information integration, enabling both ease and excellence in business data movement and orchestration.

Netskope

Netskope

Netskope, a global cybersecurity leader, is redefining cloud, data, and network security to help organizations apply Zero Trust principles to protect data.

maCERT

maCERT

maCERT is the national Computer Emergency Response Team for Morocco.

KayHut

KayHut

KayHut is a young, innovative company engaged in cyber research and security solutions.

Randori

Randori

Randori is an attack platform that provides "red-teaming" as a service — basically, staging simulated hack attacks to test for vulnerabilities and gaps in the security response.

Protocol Labs

Protocol Labs

Protocol Labs is a research, development, and deployment institution for improving Internet technology.

Riskaware

Riskaware

CyberAware, by Riskaware, provides business-critical cyber attack analysis and impact assessments using NIST standards aligned with NCSC guidance.

IntelliGenesis

IntelliGenesis

IntelliGenesis provide comprehensive cyber, data science, analysis, and software development services that provide tailored, secure solutions for your critical data and intelligence needs.

ECHO Project

ECHO Project

The main objective of ECHO is to strengthen the cyber defence of the European Union, enhancing Europe’s technological sovereignty through effective and efficient multi-sector collaboration.

Pires Investments

Pires Investments

Pires is building an investment portfolio of high-tech businesses across areas such as Artificial Intelligence, Internet of Things, Cyber Security and Augmented/Virtual Reality.

Devolutions

Devolutions

Devolutions make best-in-class Privileged Access Management, Password Management, and Remote Connection Management solutions available to ALL organizations — including SMBs.

Hadrian

Hadrian

Hadrian is modernizing offensive security practices with automation, making them faster and more scalable. Equipped with the hacker’s perspective, companies can now know what their critical risks are.

Performance Technologies

Performance Technologies

As a leading IT Solutions Provider in Greece, Performance Technologies delivers reliable, long life solutions, ensuring continuous availability of business-critical services and information.

Unciphered

Unciphered

Unciphered was created as the first company providing services for opening locked hardware cryptocurrency wallets.

CryptoNext Security

CryptoNext Security

CryptoNext provides optimal end-to-end post-quantum cybersecurity remediation tools and solutions for IT/OT infrastructures & applications.

Cyber Security Council UAE

Cyber Security Council UAE

The Cyber Security Council's vision is to protect UAE cyberspace, maintain confidence in our digital infrastructure and institutions, and build a cyber-resilient society.