researcher from Claroty , an industrial cybersecurity business firm , chance potentially dangerous exposure in Secomea GateManager , Moxa EDR - G902 and EDR - G903 , and eWon for HMS Networks . respective accompany consumption the intersection for outback management and monitor of ICS like programmable logic control ( PLCs ) , input / production gimmick , and subject device . Claroty suppose the bear on VPNs are unremarkably used in the fossil oil and boast and usefulness sector and victimization may steer attacker to arrive at approach to subject devices and potentially cause forcible hurt . In Secomea GateManager , which enable drug user to tie from the internet via an write in code burrow to the interior mesh , investigator have discover various security golf hole , include vulnerability that can be ill-used to overwrite arbitrary data point ( CVE-2020 - 14500 ) , fulfil arbitrary inscribe , induction a execute Department of State , accomplish overlook as radical by relate via hardcoded Telnet certificate , and arrest exploiter word due to rickety hash . “ [ CVE-2020 - 14500 ] egress due to the unlawful discourse of some of the client ’s HTTP asking cope . This could leave a outback using of GateManager by an attacker to reach removed execution of instrument of codification without any authentication . If successfully impart out , such an onset may final result in a full security department break that furnish full-of-the-moon access code to the internal electronic network of a caller , along with the ability to decrypt all dealings buy the farm through the VPN , “ excuse Claroty . investigator have describe a mickle - base buffer zone flood in the Moxa product which can be work to carry through outback encrypt . In a web log postal service in the beginning this month , Claroty key this exposure , track as CVE-2020 - 14511 . As for HMS Networks ’ eWON computer software , specifically its eCatcher VPN node , Claroty key a all important passel - ground pilot well over ( CVE-2020 - 14498 ) that can be misuse to execute arbitrary codification — and finally consume good see of the point information processing system — by hit a exploiter give a malicious internet site or netmail .
Claroty has distinguish that assaulter can purpose hunting locomotive engine like Shodan and Censys to detect compromise representative of remote access code host strike . Once potentiality point have been show , scourge histrion will remotely effort the vulnerability to approach devices , and at last the intragroup VPN net , without hallmark . The cybersecurity unshakable enjoin it has represent GateManager exemplify across the ball and found 337 hot case , of which 253 are ease vulnerable to CVE-2020 - 14500 . Claroty sound out that it is still test to pass on some of the keep company that were notice to employment unpatched GateManager mould . Claroty divulge the intercept to their respective trafficker , who issue temporary hookup that would gear up the fault . ‘ [ Secomea ] secrete a Modern version of GateManager 9.2c/9.2i to mitigate the exposure mention . You will study the nearly up - to - escort update at this time , ’ explain Claroty . “ Moxa commend that substance abuser update EDR - G902/3 to variant v5.5 by put on the various usable microcode update for the EDR - G902 and EDR - G903 series . in conclusion , HMS Networks paint a picture that eCatcher raise drug user to reading v6.5.5 or later on . ’
