Critical Vulnerability Discovered in ABB Totalflow Systems Used in Oil and Gas Sector
Cybersecurity experts have revealed a significant vulnerability affecting systems employed by organizations within the oil and gas industry, which presents an opportunity for attackers to inject and execute arbitrary code. This high-severity flaw is cataloged as CVE-2022-0902, carrying a Common Vulnerability Scoring System (CVSS) score of 8.1. Specifically, the issue pertains to a path traversal vulnerability found in ABB’s Totalflow flow computers and remote controllers.
According to an analysis by Claroty, an industrial security firm, this vulnerability allows attackers to gain root access on an ABB flow computer, enabling them to read and write files and execute code remotely. Such capability not only poses a risk to the integrity of the data but also has far-reaching implications for the operational reliability of essential services within the sector.
ABB, a Swedish-Swiss industrial automation company, confirmed the release of firmware updates on July 14, 2022, in response to the responsible disclosure of this vulnerability. Flow computers play a critical role for petrochemical manufacturers: they interpret data from flow meters and calculate and record the volume of hydrocarbons such as natural gas and crude oil. These measurements are vital for process safety and for financial transactions related to commodity trade.
The vulnerability itself stems from a flaw in ABB’s implementation of the Totalflow TCP protocol, which is used for remote configuration of the devices. Specifically, the issue exists within a feature that allows for importing and exporting configuration files. An attacker could exploit an authentication bypass vulnerability to circumvent security passcodes, allowing for the unauthorized upload of files.
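The following added example, which is not ABB's code and not taken from the Claroty analysis, illustrates the general class of bug in a file-import handler and the containment check that prevents it. The function names, directory layout and sample file names are hypothetical, and POSIX path semantics are assumed.

```python
import os
import tempfile


class UnsafePath(Exception):
    """The requested name would resolve outside the configuration directory."""


def naive_target(base_dir, requested_name):
    # Vulnerable pattern: the client-supplied name is joined to the base
    # directory and never checked, so "../" segments climb out of it.
    return os.path.normpath(os.path.join(base_dir, requested_name))


def safe_target(base_dir, requested_name):
    # Refuse empty names, NUL bytes and absolute paths outright.
    if not requested_name or "\x00" in requested_name or os.path.isabs(requested_name):
        raise UnsafePath(requested_name)
    base = os.path.realpath(base_dir)
    # realpath resolves "..", "." and symlinks, so the containment check is
    # made on the location a write would actually land in.
    candidate = os.path.realpath(os.path.join(base, requested_name))
    if candidate == base or os.path.commonpath([base, candidate]) != base:
        raise UnsafePath(requested_name)
    return candidate


def check_samples():
    # Constructed sample names; the directory layout is hypothetical.
    samples = ["station1.cfg", "sub/../station2.cfg", "../etc/passwd",
               "/etc/passwd", "link/escaped.cfg"]
    verdicts = {}
    with tempfile.TemporaryDirectory() as root:
        base = os.path.join(root, "config")
        os.mkdir(base)
        # A symlink inside the config directory that points outside it.
        os.symlink(root, os.path.join(base, "link"))
        for name in samples:
            try:
                safe_target(base, name)
                verdicts[name] = "accepted"
            except UnsafePath:
                verdicts[name] = "rejected"
    return verdicts


if __name__ == "__main__":
    print(naive_target("/var/config", "../../etc/passwd"))
    for name, verdict in check_samples().items():
        print(f"{verdict:9} {name}")
```

A handler built this way should write to the path that safe_target returns rather than resolving the client-supplied name a second time.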
If left unaddressed, exploitation of this vulnerability could have detrimental effects, potentially allowing malicious actors to disrupt the flow measurement processes. Such disruptions could impede invoicing and even lead to interruptions in service, drawing parallels to the repercussions faced by Colonial Pipeline after its ransomware attack in 2021.
Mapped to the MITRE ATT&CK framework, several tactics and techniques are relevant to this scenario. Initial access through exploitation of the path traversal flaw highlights the critical need for enhanced security measures. Techniques enabling privilege escalation and persistence further demonstrate the risk posed by a vulnerability of this severity.
In conclusion, the discovery of CVE-2022-0902 underscores the pressing need for operational technology systems within the oil and gas sector to maintain strong cybersecurity protocols. As organizations continue to rely on technology for efficient operations, awareness of cybersecurity risks and prompt application of updates are essential for safeguarding crucial infrastructures.