"Critical Flaws in Kepware Products Can Facilitate Attacks on Industrial Firms"
The U.S. Homeland Security Department's Cybersecurity & Infrastructure Security Agency (CISA) recently published advisories about vulnerabilities in Kepware products discovered by researchers at the industrial cybersecurity firm Claroty. One of the advisories discusses three of the flaws, two rated critical and one rated high in severity. These vulnerabilities are described as a stack-based overflow, a heap-based buffer overflow, and a use-after-free bug. Exploitation of the critical vulnerabilities could lead to server crashes, data leakage, remote code execution, and a Denial-of-Service (DoS) condition. An attacker could abuse the high-severity bug to crash the server by creating and closing OPC UA connections at a high rate. According to Uri Katz, a senior researcher at Claroty, the vulnerabilities were discovered in KEPServerEX, ThingWorx, and OPC-Aggregator OPC products. Attackers must have network access to the OPC server to exploit these flaws, and the research has shown that the flaws can be exploited remotely without authentication. This article continues to discuss the discovery, exploitation, and potential impact of the critical flaws in Kepware products.
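The high-severity bug is triggered by a burst of OPC UA sessions being opened and closed at a high rate, which is a pattern a defender can watch for on the server side while patches are rolled out. The following is an added detection example, not code from Claroty, Kepware, or the CISA advisory: it counts session-open events per client over a sliding window and flags clients whose open rate exceeds a threshold. The log line format (`<epoch> session_open|session_close client=<ip>`), the sample events, and the window and threshold values are all constructed assumptions for this example and do not correspond to the real log format of any Kepware product.

```python
import re
from collections import defaultdict, deque

# Constructed sample events in a hypothetical "<epoch> <event> client=<ip>" format.
# This is NOT the log format of KEPServerEX or any other Kepware product.
def build_sample_log():
    lines = ["1700000000 session_open client=10.0.0.9"]   # one long-lived, normal client
    t = 1700000100
    for i in range(30):                                   # 30 open/close cycles in ~6 seconds
        lines.append(f"{t} session_open client=10.0.0.5")
        lines.append(f"{t} session_close client=10.0.0.5")
        if i % 5 == 4:                                    # five cycles per second
            t += 1
    lines.append("1700000600 session_close client=10.0.0.9")
    lines.append("unrelated line that must be skipped by the parser")
    return "\n".join(lines)

LINE_RE = re.compile(
    r"^(?P<ts>\d+) (?P<event>session_open|session_close) client=(?P<client>\S+)$"
)

def parse_events(text):
    """Yield (timestamp, event, client) tuples; lines that do not match are ignored."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield int(m.group("ts")), m.group("event"), m.group("client")

def find_connection_churn(events, window_seconds=10, max_opens=20):
    """Return {client: peak number of session opens seen in any window} for
    clients whose peak exceeds max_opens.

    Only session_open events are counted: a client that repeatedly opens and
    immediately closes sessions produces a burst of opens, which is the
    behaviour the advisory describes as the DoS trigger.
    """
    windows = defaultdict(deque)   # client -> timestamps of recent opens
    peaks = defaultdict(int)       # client -> largest window population seen
    for ts, event, client in events:
        if event != "session_open":
            continue
        q = windows[client]
        q.append(ts)
        # Drop opens that fell out of the sliding window (events are time-ordered).
        while q and ts - q[0] > window_seconds:
            q.popleft()
        peaks[client] = max(peaks[client], len(q))
    return {client: n for client, n in peaks.items() if n > max_opens}

def detect(text, window_seconds=10, max_opens=20):
    """Convenience wrapper: parse a log text and return the flagged clients."""
    return find_connection_churn(parse_events(text), window_seconds, max_opens)

if __name__ == "__main__":
    for client, n in detect(build_sample_log()).items():
        print(f"ALERT: {client} opened {n} OPC UA sessions within 10 s")
```

The threshold should be tuned against the site's normal client behaviour; polling clients that legitimately reconnect often will otherwise generate noise. The same sliding-window logic can be fed from a firewall or flow log keyed on the OPC UA port instead of from server-side session events.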