TelcoNews Australia - Telecommunications news for ICT decision-makers
Story image

Nozomi uncovers critical flaws in Advantech networks gear

Thu, 28th Nov 2024

Nozomi Networks has uncovered vulnerabilities in products from Advantech, including industrial-grade wireless access points used across various sectors.

These vulnerabilities, as detailed in a recent analysis by Nozomi Networks Labs, affect Advantech's EKI-6333AC-2G, EKI-6333AC-2GD, and EKI-6333AC-1GPO models. The access points, which are utilised for Wi-Fi connectivity in challenging environments like manufacturing and logistics, were found susceptible to unauthorised remote code execution, potentially compromising device security.

Unauthenticated attackers exploiting such vulnerabilities could gain root privileges, endangering the confidentiality, integrity, and availability of these devices. Nozomi Networks identified 20 vulnerabilities, each assigned a unique CVE identifier, highlighting the serious risk posed to critical infrastructure.

Advantech has responded by releasing updated firmware versions—specifically, v1.6.5 for the EKI-6333AC-2G and EKI-6333AC-2GD models and v1.2.2 for the EKI-6333AC-1GPO model. Asset owners in Australia and New Zealand are urged to implement these updates to safeguard their networks.

Detailed examination of the vulnerabilities indicates two primary attack vectors. The first involves direct interaction with the access point over a network, enabling attackers to send malicious requests. The second vector involves over-the-air attacks, allowing an adversary to execute code likely from a nearby physical location.

This proximity-based threat underscores the capability of malicious users to establish persistent access, launch Denial of Service (DoS) attacks, and facilitate lateral movement. Achieving code execution on a device can enable the creation of backdoors, maintain persistent network access, and potentially interrupt production lines by affecting network-dependent systems.

Nozomi Networks highlighted a specific over-the-air attack scenario where two vulnerabilities were chained together. This involved exploiting 'CWE-79 – Improper Neutralisation of Input During Web Page Generation (Cross-Site Scripting)' (CVE-2024-50376) and 'CWE-78 – Improper Neutralisation of Special Elements Used in an OS Command' (CVE-2024-50359). This attack vector, utilising rogue access points, is sophisticated as it requires physical proximity but not internal network access, posing a unique threat to industrial facilities.

The combined vulnerabilities demonstrate how special characters in beacon frames can be leveraged maliciously without network connection, thereby prompting the injection of arbitrary JavaScript code in web applications accessed by network administrators. Such exploitation could lead to aggressive commands orchestrated through manipulated devices, expanding control over the network.

Post-reporting, Advantech's swift release of updated firmware is intended to mitigate these risks. Stakeholders are advised to apply these fixes to prevent potential exploitation through devices inherent to their operational networks.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X