Critical Problems in Popular ICS Platform Can Trigger RCE!

Critical issues in a popular platform used by Industrial Control Systems (ICS) that allow for unauthorised device access, Remote Code Execution (RCE) or denial of service (DoS) could threaten the security of critical infrastructure.

Cisco Talos discovered 8 vulnerabilities, 2 of them critical, in the Open Automation Software platform that pose a risk to critical infrastructure networks.

Arbitrary Code

Researcher Jared Rittle of Cisco Talos discovered a total of 8 vulnerabilities, 2 of them critical, in the Open Automation Software (OAS) Platform, the most serious of which allows an attacker to execute arbitrary code on a targeted machine, according to a blog post published this week. The issues affect Open Automation Software OAS Platform, version 16.00.0112.

OAS, offered by a company of the same name, makes it easy to transfer data between proprietary devices & applications, including both software & hardware.

Critical Business Processes

At its core is what’s called a Universal Data Connector, which allows the “movement & transformation of data for critical business processes like machine learning, data mining, reporting & data visualisation,” according to the OAS website.

The OAS Platform is widely used in systems in which a range of different devices & software need to communicate, which is why it’s often found in ICS to connect industrial & IoT devices, SCADA systems, network points, & custom apps & APIs, among other software & hardware. Some companies using the platform include Intel, Mack Trucks, the US Navy, JBT AeroTech & Michelin.

Critical Infrastructure at Risk

The OAS Platform’s presence in these systems is why
