Eran Jacob, team leader of the security research team at Otorio, and Roni Gavrilov, security researcher, warn that the vulnerabilities are critical as they can be used to exploit thousands of industrial Internet of Things (IIoT) devices and networks in a variety of sectors, even though they affect devices from only three vendors, namely Sierra Wireless AirLink, Teltonika Networks RUT, and InHand Networks InRouter.
“Breaching of these devices can bypass all of the security layers in common deployments, as IIoT devices are commonly connected both to the Internet and the internal OT network[…]It also raises additional risk for propagation to additional sites through the built-in VPN,” the researchers said.
The researchers added that in case the attackers acquire a direct connection to the internet OT environment, it may further impact production and pose safety risks for users in their virtual environment.
Attackers can also use a variety of vectors to take advantage of the flaws, according to the researchers, including compromising devices in the production network to enable unauthorized access and control with root privileges, gaining root access through a reverse shell, and using compromised devices to exfiltrate sensitive data and carry out actions like shutdown.