"Multiple Vulnerabilities Discovered in Dataprobe's iBoot-PDUs"

Claroty’s research arm, Team82, has recently discovered several new vulnerabilities in Dataprobe’s iBoot-PDU power distribution units (PDUs). The company released an advisory in collaboration with the Cybersecurity and Infrastructure Security Agency (CISA). The researchers stated that, if exploited, the flaws pose several risks to Dataprobe, including giving attackers control of the iBoot-PDU. They noted that PDUs are quite common in industrial environments and that some have remote access and control capabilities. According to the researchers, attacking a remotely exploitable vulnerability in a PDU component, including its web-based interface or cloud-based management platform, puts an attacker in a position to disrupt critical services by cutting off the electric power to the device and everything else that may be plugged into it. The vulnerabilities were disclosed to Dataprobe earlier this year and patched by the company. The researchers are urging users to implement the patches. Dataprobe recommends that users disable SNMP, Telnet, and HTTP, if not in use, as mitigation against some of these vulnerabilities.

 

Infosecurity reports: "Multiple Vulnerabilities Discovered in Dataprobe's iBoot-PDUs"

Submitted by Anonymous on