Recent security analyses have uncovered critical vulnerabilities within several platforms, notably the Honeywell Experion Distributed Control System (DCS) and QuickBlox, both of which pose substantial risks if exploited. The identified flaws have raised alarms for stakeholders, given the potential for severe system compromises.
The vulnerabilities, collectively known as Crit.IX, encompass nine distinct weaknesses within the Honeywell Experion DCS. According to cybersecurity firm Armis, these flaws enable unauthorized remote code execution. This capability effectively allows attackers to commandeer the DCS controller’s functionalities while concealing their manipulations from the engineering workstation responsible for oversight. The issues primarily stem from inadequate encryption and authentication mechanisms within a proprietary communication protocol called Control Data Access (CDA), which facilitates interaction between Experion servers and C300 controllers.
Tom Gol, CTO of Research at Armis, emphasized that compromised CDA protocols enable network users to impersonate both servers and controllers, thus threatening data integrity and operational safety. Furthermore, inherent design flaws within the CDA protocol complicate the delineation of data boundaries, potentially leading to buffer overflow vulnerabilities.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has responded to these findings, noting that seven of the nine vulnerabilities carry a CVSS score of 9.8, indicating critical severity. The remaining two flaws are rated at 7.5. CISA has warned that successful exploitation could result in denial-of-service conditions, privilege escalation, or further unauthorized remote access to affected systems.
In a parallel investigation, cybersecurity firms Check Point and Claroty identified significant vulnerabilities in QuickBlox, a chat and video calling platform prevalent in sectors such as telemedicine and smart IoT devices. The flaws could permit attackers to exfiltrate sensitive user databases across multiple applications utilizing QuickBlox software development kits (SDKs) and application programming interfaces (APIs).
Among the affected entities is Rozcom, an Israeli company providing intercom solutions. Investigations into Rozcom’s mobile app revealed additional vulnerabilities, including CVE-2023-31184 and CVE-2023-31185, that could allow attackers to take over user accounts, impersonate users, and download complete user databases. The researchers reported that successful exploitation gave them full control over Rozcom’s intercom devices, enabling unauthorized access to cameras and microphones as well as control over connected doors.
Additional vulnerabilities disclosed this week involve remote code execution flaws in Aerohive/Extreme Networks access points running HiveOS/Extreme IQ Engine versions prior to 10.6r2, alongside an open-source library called Ghostscript (CVE-2023-36664, CVSS score: 9.8), both of which could lead to arbitrary command execution.
Furthermore, security issues have surfaced in two Golang-based open-source platforms, Owncast (CVE-2023-3188, CVSS score: 6.5) and EaseProbe (CVE-2023-33967, CVSS score: 9.8), which are susceptible to Server-Side Request Forgery (SSRF) and SQL injection attacks, respectively. Finally, hard-coded credentials have been identified in Technicolor TG670 DSL gateway routers, raising serious concerns about unauthorized administrative control through default login information.
Cybersecurity experts advise users to disable remote administration on their devices to reduce exposure and to check with their service providers for any available patches or updates. It is crucial that businesses assess their exposure to these newly disclosed vulnerabilities and remain vigilant against the threats they pose.