Prajitesh Singh, a senior researcher at Cyble Research & Intelligence Labs, detected a cross-site scripting vulnerability (CVE-2023-6333) in ControlByWeb’s X-301 and X-332 web-enabled Ethernet I/O modules. These modules hold key roles in critical infrastructure sectors, heightening the potential impact of cyber threats on crucial systems.
Cyble partnered with the vendor to disclose these findings and jointly submitted the information to the Cybersecurity and Infrastructure Security Agency (CISA) using the Vulnerability Information and Coordination Environment (VINCE) platform for the Coordinated Vulnerability Disclosure (CVD) program.
The severity of CVE-2023-6333 prompted CISA to categorize it as “high-severity”, highlighting its criticality and associated risks.
Decoding ControlByWeb Vulnerability
The impacted products serve as essential components across multiple critical infrastructure sectors, with diverse industrial applications spanning motor control, lighting, coil management, pump regulation, valve operation, belt control, and more. Potential compromises in these systems could trigger a spectrum of severe consequences, from financial setbacks to the disruption of vital supply chains.
Furthermore, vulnerabilities in these products could provide malicious actors with avenues to manipulate these systems, leading to physical infrastructure damage and endangering the safety of operators involved.
A prime illustration of malicious actors’ interest in compromising similar systems is the recent attack on the Municipal Water Authority of Aliquippa in western Pennsylvania.
This incident was linked to CyberAv3ngers, an Iranian-backed cyber group, highlighting the group's persistent search for new ways to disrupt national services. Its focus is particularly on exploiting vulnerabilities and misconfigurations present in Industrial Control System (ICS) assets.
Should an attack successfully breach these systems within an Operational Technology (OT) environment, the repercussions can be severe for the organization, national critical infrastructure, global supply chains, and the physical safety of engineers, operators, and heavy machinery alike.
Mitigation Against the ControlByWeb Vulnerability
Ensuring the security of these critical systems hinges on embracing a proactive approach against threats. Organizations can achieve this by adopting platforms like ODIN, specifically designed to furnish real-time threat intelligence. Such tools aid users in scanning internet-exposed assets, providing actionable insights that flag potentially vulnerable systems and products susceptible to targeting by malicious actors, ultimately safeguarding against potential compromises.
Empowered by these insights, organizations can proactively address these products by rectifying identified vulnerabilities, implementing patches, deploying software updates, and disseminating information to their user base and relevant authorities. This promotes an atmosphere of collaborative information sharing and joint efforts to tackle potential threats.
Singh emphasizes the collective impact of compromised critical products, stressing that the ramifications transcend individual organizations, industries, or nations. Given their integral role in the global economy, national security, international trade, and manufacturing, ensuring the continued security of these sectors is a universal concern. This imperative involves a collaborative effort encompassing entities from public organizations like CISA to OT/IT component manufacturers and all stakeholders in between.
Cyble remains vigilant in its pursuit of vulnerabilities across exposed products, utilizing proprietary AI and ML algorithms embedded in all Cyble products. This proactive approach allows us to detect and report potential threats in real time, often identifying issues before exploitation occurs.