A new vulnerability was recently discovered by cybersecurity researchers, in systems used across oil and gas organisations. If it were to fall in the wrong hands, this vulnerability could be exploited to inject and execute arbitrary code.
The high-severity issue, tracked as CVE-2022-0902, has received a CVSS score of 8.1 and is a path traversal flaw, first noticed in ABB computers and remote controllers. Flow computers specialize on calculating volume and flow rates for oil and gas that are critical to electric power manufacturing and distribution.
Put simply, the vulnerability identified by Claroty exists in ABB’s implementation of its proprietary Totalflow TCP based protocol, which is utilized to remotely configure the computers.
A malicious actor could potentially exploit this issue and bypass authentication, only to proceed to uploading arbitrary files. Attackers could seize control of the devices and prevent their ability to properly record oil and gas flow rates.
The Swedish-Swiss industrial automation company has addressed the issue and released firmware updates.
Consequences of an Attack
Vera Mens, one of Claroty`s researchers, claims that, in the event of a successful exploit of this vulnerability, the company would be greatly affected, from blocking its ability to bill customers to forcing a disruption of services, comparable to the consequences suffered by Colonial Pipeline following its ransomware attack back in 2021. In that instance, the company was forced to shut down after being hit by ransomware in a clear demonstration of the vulnerability of the energy infrastructure when confronted with cyberattacks.
Comments