Discovered - High Risk Vulnerabilities Affecting A Leading Building Management System

Uploaded on 2023-07-07 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Consulting, BUSINESS-Production-Manufacturing

An independent cyber security consultancy, Prism Infosec,  has recently announced that it has identified two high risk vulnerabilities within the Aspect Control Engine Building Management System (BMS) developed by the major international process, design and automation company, ABB.   

The two vulnerabilities affect versions prior to 3.07.01 and could result in remote code execution (RCE), and privilege escalation within the Aspect Control Engine software, potentially giving an attacker complete control over the BMS. 

Both have been reported and logged as Common Vulnerabilities and Exposures (CVEs). ABB’s Aspect BMS enables users to monitor a building’s performance and combines real-time integrated control, supervision, data logging, alarming, scheduling and network management functions with Internet connectivity and web serving capabilities. 

Consequently, users can view system status, override setpoints and schedules, and more over desktop, laptop or mobile phone devices.

During a recent security testing engagement on behalf of a client, Prism Infosec discovered an ABB Aspect appliance and that the BMS was misconfigured to be publicly available over the internet. Usually such administrative interfaces should not be made externally accessible and in instances where this cannot be avoided a secondary layer of authentication should be used, such as VPN or IP address whitelisting together with further access controls such as multi-factor authentication (MFA). 

The Prism Infosec team gained initial access to the administrative interface by using the default credentials documented in the Aspect Control Engine’s publicly available user manual. The team then found that the Network Diagnostic function of the Aspect appliance was vulnerable to RCE which allowed them to gain access via a reverse-shell to the underlying Linux Operating System and associated internal network infrastructure. 

Once initial access was achieved, a check against the privileges revealed that the software was running as the ‘Apache’ user, a relatively low-level user with limited functionality. The Prism Infosec team then identified an unintended privilege escalation vulnerability, built into the underlying operating system of the ABB appliance, which would allow the user to escalate their access privileges to a root level account.

“We made the client aware of our findings and disclosed the software vulnerabilities to ABB shortly after. It was impressive how quickly both parties acknowledged and acted upon these issues, from the client ensuring these levels of access were disabled to ABB patching and releasing an update and advisory to their clients" commnented Phil Robinson, Principal Consultant and Founder of Prism Infosec

“It goes to show how well responsible disclosure can work when consultants and vendors are both on the same page and put security first,” Robinson added

You Might Also Read:  

The Need For OT-centric Cyber Security Strategies:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

 

Cyber Security Intelligence: Captured Organised & Accessible

 

 

 

« The Netherlands To Restrict Computer Chip Equipment Exports To China
Malvertising Proliferates As Half Of Online Ads Are Now AI Generated  »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Versasec

Versasec

Versasec is a leader in identity and access management, providing customers with security solutions for managing digital identities.

Evok

Evok

EVOK is an IT Service provider specialized in installing, maintaining and supporting IT infrastructures for SMB's in Switzerland.

SK-CERT

SK-CERT

SK-CERT National Computer Computer Emergency Response Team of Slovakia.

QATestLab

QATestLab

QATestLab is a leading International software testing company offering a full range of software testing services including security testing.

CERT Bulgaria (CERT.BG)

CERT Bulgaria (CERT.BG)

CERT Bulfaria is the National Computer Security Incidents Response Team for Bulgaria.

CETIC

CETIC

CETIC is an applied research centre in the field of ICT. Key technologies include Big Data, Cloud Computing, the Internet of Things, software quality, and trust and security of IT systems.

Data Storage Corp (DSC)

Data Storage Corp (DSC)

Data Storage Corporation is a provider of data recovery and business continuity services that help organizations protect their data, minimize downtime and recover and restore data.

Apptega

Apptega

Apptega is an award-Winning Cybersecurity and Compliance Platform. Our mission is to make cybersecurity and compliance easy for everyone.

Let's Encrypt

Let's Encrypt

Let’s Encrypt is a free, automated, and open digital certificate authority, run for the public’s benefit. It is a service provided by the Internet Security Research Group (ISRG).

TransUnion

TransUnion

TransUnion is a global information and insights company that makes it possible for businesses and consumers to transact with confidence.

Auriga

Auriga

Auriga create innovative software and have become a benchmark for high quality banking software including cyber security solutions to protect business critical devices.

WPScan

WPScan

With WPScan, you'll be the first to know about vulnerabilities affecting your WordPress installation, plugins, and themes.

All About Cookies

All About Cookies

All About Cookies is an informational website that provides tips, advice, and recommendations to help you with Online Privacy, Identity Theft Prevention, Antivirus Protection, and Digital Security.

Port-IT

Port-IT

Port-IT is a leading partner in cybersecurity solutions tailored for the maritime industry.

Bestman Solutions

Bestman Solutions

As a specialist cyber security practice, we believe that people are an organisation’s most valuable asset. Success depends on hiring the right people, and this is where we come in.

Kaavalan

Kaavalan

Kaavalan was founded with a mission and a vision to protect you against cyber threats in the connected world.