Cybersecurity researchers have disclosed details of a new vulnerability in a system used across oil and gas organizations that could be exploited by an attacker to inject and execute arbitrary code.
The high-severity issue, tracked as CVE-2022-0902 (CVSS score: 8.1), is a path-traversal vulnerability in ABB Totalflow flow computers and remote controllers.
"Attackers can exploit this flaw to gain root access on an ABB flow computer, read and write files, and remotely execute code," industrial security company Claroty said in a report shared with The Hacker News.
ABB, a Swedish-Swiss industrial automation firm, has since released firmware updates as of July 14, 2022, following responsible disclosure.
Flow computers are specialized computers that calculate volume and flow rates for oil and gas that are critical to electric power manufacturing and distribution. These machines take liquid or gas measurements that are not only vital to process safety, but are also used as inputs by other processes—alarms, logs, configurations—and therefore require accuracy to ensure reliability. These capabilities are described in the American Gas Association’s AGA Report No. 9.
One other important aspect to the role of flow computers within a utility is billing. The most noteworthy and related security incident was the ransomware attack against Colonial Pipeline, which impacted enterprise systems, and forced the company to shut down production because it could not bill customers. Disrupting the operation of flow computers is a subtle attack vector that could similarly impact not only IT, but also OT systems; this led us to research the security of these machines.
#Vulnerability #Analysis #Forensics