OTORIO’s Pen-Testers discovered more than 20 vulnerabilities in a popular Industrial Remote Access Solution
March 2021 by OTORIO
As more companies rely on remote access systems to maintain production, discovering remote access vulnerabilities becomes a top priority. OTORIO’s Pen-Testers have recently found more than 20 critical security flaws in a popular industrial remote access solution, MBConnect. Attackers can take advantage of the vulnerabilities to shut down industrial production floors, break into company networks, tamper with data, or steal sensitive business information.
OTORIO’s Pen-Tester gain full access to MBConnect’s servers
OTORIO’s Research penetration testers (PT) performed a penetration test for one of its customers. The customer used MBConnect’s web-based remote access service (mbConnect24) as their primary remote access solution.
During the test, OTORIO’s PT detected vulnerabilities in the MBConnect solutions. Some detected vulnerabilities can be exploited by unauthenticated users, while others require authentication.
The team managed to take over the mbConnect24 servers and gained full access to all information stored on those servers, including customer-sensitive information and sensitive MBConnect data such as source code. Taking over the mbConnect24 servers is only one of several potential attack techniques found by the team.
Attackers can take advantage of the MBConnect vulnerabilities to cause severe damage, including:
Block remote access to hundreds of different MBConnect customers’ production floors by causing a denial of service in MBConnect devices.
Ex filtrate sensitive customer information and personal data.
Access MBConnect’s sensitive data, including source code, SQL files, and script files.
Control web pages in the MBConnect’s website, facilitating targeted phishing attacks, aiming to steal MBConnect’s customers’ credentials. Attackers can use the stolen credentials, together with additional detected vulnerabilities, to connect to customer’s production floors and cause severe damage.
Organizations should react quickly to known vulnerabilities
A recent Gartner report measured the time it takes attackers to exploit a vulnerability from the day it was announced. The study found that the average time-to-exploit of a vulnerability has dropped significantly from over 30 days in 2016 to just 2.5 days in 2019. It means that organizations should quickly react to known vulnerabilities and follow their system providers’ advice and guidance to avoid potential breaches to their production facilities.
OTORIO works alongside leading vendors such as MBConnect to ensure that attackers do not gain the ability to impact OT assets through the internet and that daily operations and productivity remain safe and efficient.
OTORIO also develops secure-by-design remote access solutions, utilizing OTORIO’s research team’s deep expertise and OTORIO’s Pen-Testers vast experience.