"Several Critical Vulnerabilities Affect SmartPPT, SmartICS Industrial Products"
A security researcher named Michael Heinzl has discovered several vulnerabilities, including ones rated critical- and high-severity, in industrial products made by Elcomplus, a Russian company specializing in professional radio communications and industrial automation. The researcher discovered a total of nine vulnerabilities in Elcomplus’ SmartPTT SCADA product, which combines the capabilities of SCADA/IIoT systems with dispatch software for professional radio systems. In addition, it appears that products made by SmartICS, an Elcomplus unit that specializes in SCADA and industrial IoT visualization platforms, are also affected by some of the vulnerabilities, as they share code. The affected products are used by more than 2,000 organizations across 90 countries, including in the United States, which is why the US Cybersecurity and Infrastructure Security Agency (CISA) this week published two advisories to inform organizations about these vulnerabilities. The list of security holes includes path traversal, cross-site scripting (XSS), arbitrary file upload, authorization bypass, cross-site request forgery (CSRF), and information disclosure issues. Exploiting these vulnerabilities can allow an attacker to upload files, read or write arbitrary files on the system, obtain credentials stored in clear text, carry out various actions on behalf of a user, execute arbitrary code, and elevate privileges to access admin functionality. In some cases, exploitation requires authentication or user interaction. Michael reported the vulnerabilities to the vendor through CISA in April 2021. While the vendor has not been very responsive, it appears that it did release patches by the end of 2021.