Team82 has developed a novel technique called the Evil PLC Attack in which programmable logic controllers (PLCs) are weaponized and used to compromise engineering workstations. An attacker with a foothold on an engineering workstation can have access to anything else on the OT network to which an engineer connects that machine, including other PLCs.
CWE-22 IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAVERSAL'):
The affected products could allow an unauthenticated attacker to overwrite files and execute arbitrary code.
MICROSENS recommends that users update to NMP Web+ Version 3.3.0 for Windows and Linux.
CVSS v3: 9.8
CWE-613 INSUFFICIENT SESSION EXPIRATION:
The affected products contain JSON Web Tokens (JWT) that do not expire, which could allow an attacker to gain access to the system.
MICROSENS recommends that users update to NMP Web+ Version 3.3.0 for Windows and Linux.
CVSS v3: 7.5
CWE-547 USE OF HARD-CODED, SECURITY-RELEVANT CONSTANTS:
The affected products could allow an unauthenticated attacker to generate forged JSON Web Tokens (JWT) to bypass authentication.
MICROSENS recommends that users update to NMP Web+ Version 3.3.0 for Windows and Linux.
CVSS v3: 9.1
CWE-89 IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN SQL COMMAND ('SQL INJECTION'):
ControlID iDSecure On-premises versions 4.7.48.0 and prior are vulnerable to SQL injection, which could allow an attacker to leak arbitrary information and insert arbitrary SQL syntax into SQL queries.
ControlID has released the following version for users of iDSecure On-premises to update to: Version 4.7.50.0.
CVSS v3: 9.1
CWE-918 SERVER-SIDE REQUEST FORGERY (SSRF):
ControlID iDSecure On-premises versions 4.7.48.0 and prior are vulnerable to server-side request forgery, which could allow an unauthenticated attacker to retrieve information from other servers.
ControlID has released the following version for users of iDSecure On-premises to update to: Version 4.7.50.0.
CVSS v3: 7.5