Discovered - High Risk Vulnerabilities Affecting A Leading Building Management System

An independent cyber security consultancy, Prism Infosec,  has recently announced that it has identified two high risk vulnerabilities within the Aspect Control Engine Building Management System (BMS) developed by the major international process, design and automation company, ABB.   

The two vulnerabilities affect versions prior to 3.07.01 and could result in remote code execution (RCE), and privilege escalation within the Aspect Control Engine software, potentially giving an attacker complete control over the BMS. 

Both have been reported and logged as Common Vulnerabilities and Exposures (CVEs). ABB’s Aspect BMS enables users to monitor a building’s performance and combines real-time integrated control, supervision, data logging, alarming, scheduling and network management functions with Internet connectivity and web serving capabilities. 

Consequently, users can view system status, override setpoints and schedules, and more over desktop, laptop or mobile phone devices.

During a recent security testing engagement on behalf of a client, Prism Infosec discovered an ABB Aspect appliance and that the BMS was misconfigured to be publicly available over the internet. Usually such administrative interfaces should not be made externally accessible and in instances where this cannot be avoided a secondary layer of authentication should be used, such as VPN or IP address whitelisting together with further access controls such as multi-factor authentication (MFA). 

The Prism Infosec team gained initial access to the administrative interface by using the default credentials documented in the Aspect Control Engine’s publicly available user manual. The team then found that the Network Diagnostic function of the Aspect appliance was vulnerable to RCE which allowed them to gain access via a reverse-shell to the underlying Linux Operating System and associated internal network infrastructure. 

Once initial access was achieved, a check against the privileges revealed that the software was running as the ‘Apache’ user, a relatively low-level user with limited functionality. The Prism Infosec team then identified an unintended privilege escalation vulnerability, built into the underlying operating system of the ABB appliance, which would allow the user to escalate their access privileges to a root level account.

“We made the client aware of our findings and disclosed the software vulnerabilities to ABB shortly after. It was impressive how quickly both parties acknowledged and acted upon these issues, from the client ensuring these levels of access were disabled to ABB patching and releasing an update and advisory to their clients" commnented Phil Robinson, Principal Consultant and Founder of Prism Infosec

“It goes to show how well responsible disclosure can work when consultants and vendors are both on the same page and put security first,” Robinson added

You Might Also Read:  

The Need For OT-centric Cyber Security Strategies:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

 


Cyber Security Intelligence: Captured Organised & Accessible


 

 

 

« The Netherlands To Restrict Computer Chip Equipment Exports To China
Malvertising Proliferates As Half Of Online Ads Are Now AI Generated  »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Cybersecurity Philippines CERT (CSP-CERT)

Cybersecurity Philippines CERT (CSP-CERT)

Cybersecurity Philippines CERT is the national Computer Emergency Response Team for the Philippines.

Cyber Risk Agency

Cyber Risk Agency

Cyber Risk Agency is a cybersecurity consulting firm specializing in managing cyber risks for SMEs.

ProPay

ProPay

ProPay provides secure payment solutions for organizations ranging from small businesses to large enterprises requiring complex payment solutions.

OmniNet

OmniNet

OmniNet delivers the next generation of cybersecurity and is the only provider in the market to move the edge of small businesses to a virtual, omnipresent perimeter.

Liquid Technology

Liquid Technology

Liquid Technology provide DOD- and NIST-compliant data destruction and EPA-compliant e-waste disposal and recycling services throughout North America, Europe and Asia.

Riddle&Code

Riddle&Code

Riddle&Code is a product-led services company specializing in onboarding industries to Web3. The team's mission is to provide a trusted connection between the digital and physical worlds.

eResilience

eResilience

eResilience is a division of Referentia Systems, a pioneer in an ultra-secure information safeguarding technique known as “Enclaving”, in which data can be segmented and protected within a network.

MOXFIVE

MOXFIVE

MOXFIVE is a specialized technical advisory firm founded to bring clarity to the complexity of cyber attacks.

AlertFusion

AlertFusion

AlertFusion is a platform that makes security operations more effective. It complements existing tools and technologies, unifies operations, enhances process maturity and drives efficiencies.

Cyber Security Forum Initiative (CSFI)

Cyber Security Forum Initiative (CSFI)

CSFI is a non-profit organization with a mission to provide Cyber Warfare awareness, guidance, and security solutions through collaboration, education, volunteer work, and training.

UncommonX

UncommonX

UncommonX offers enterprise-class cybersecurity protection for mid-size organizations by combining adaptive threat and intelligence software with 24/7 industry experts.

Anvilogic

Anvilogic

Anvilogic provides a unifying experience for security professionals aimed at providing improved visibility, enrichment, and context across hundreds of alerting datasets and security tools.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

6WIND

6WIND

6WIND deliver virtualized, cloud-native, distributed high performance & secure networking software solutions to support new applications such as 5G, IoT, SD-WAN.

Sentar

Sentar

Sentar is a cyber intelligence company, applying advanced analytics and systems engineering expertise to protect our national security by securing mission-critical assets.

Dotsquares

Dotsquares

Dotsquares leverage the latest web and mobile technologies to build, grow and support your business.