Vulnerabilities in Industrial IoT Platform solution identified and resolved by Kaspersky Lab

Kaspersky Lab

ThingsPro Suite, an industrial IoT platform designed for industrial control systems (ICS) data acquisition and remote analysis, was found to contain seven previously unknown vulnerabilities. These were identified by Kaspersky Lab ICS CERT security researchers, who have been conducting a pre-conceptual study of the product over the last two weeks. They maintain that the most severe could allow a remote attacker to execute any command on the target IIoT gateway. Another could allow attackers to gain root privileges, which they could use to change the device’s configuration. The biggest risk was that exploitation could be automated, so cybercriminals could automatically compromise multiple Moxa ThingsPro IoT gateways in different enterprises and even gain access to the industrial networks of those organizations. However, Kaspersky Lab experts have patched these through platform developer Moxa. The risk was high since some of these vulnerabilities could potentially allow highly privileged access to industrial IoT gateways.

ThingsPro Suite is an industrial internet of things platform that automatically gathers data from Operational Technology (OT) devices running at the industrial facility and submits it to an IoT cloud for further analysis. But while such platforms ease IoT integration and maintenance, they can create risks unless they are developed and integrated with adequate security solutions. Since the platform works as a connecting point between the IT and OT security domains, vulnerabilities in it could potentially allow attackers to gain access to the entire industrial network.

They have advised companies to do the following to keep their IIoT platforms safe:

Restrict access of IoT gateway devices to components of the enterprise’s OT and IT networks.

Restrict access to IoT gateway devices from the enterprise network and the internet.

Regularly monitor remote access to the OT network, and access to individual ICS components (workstations, servers, and other equipment) inside the OT network.

Protect the enterprise and OT network perimeter with solutions designed to analyze network traffic and to detect and prevent network attacks.

Use dedicated solutions to monitor and perform deep analysis of network traffic on the OT network to detect attacks on industrial equipment.

Ensure the security of hosts on the enterprise’s IT and OT networks using solutions

Provide cyber-hygiene training to employees, partners, and suppliers connected to the enterprise’s OT network.