"Critical Vulnerabilities Found in AUVESY Product Used by Major Industrial Firms"
Researchers at the industrial cybersecurity firm Claroty discovered 17 types of vulnerabilities in the Versiondog data management product made by Germany-based AUVESY. The flaws, which have now been patched by the vendor, affected Versiondog, a product that provides automatic backup and version control capabilities, and can be integrated into various industrial systems. The vendor's site revealed that this product has been used by companies such as Nestle, Coca-Cola, Kraft Foods, and many automotive giants. Some of the largest industrial enterprises run Versiondog to store and document software versions automatically, and back up data that can be compared to current error-free versions to ensure plants run efficiently. The disruption or manipulation of information handled by the product poses significant risks to the safety and integrity of an industrial process. Versiondog was found to contain vulnerabilities that can allow remote attackers to evade detection, elevate privileges, access hardcoded cryptographic keys, manipulate files, cause denial-of-service (DoS), and more. These security holes were found in Versiondog's OS Server API, Scheduler, and WebInstaller components. This article continues to discuss the severity, potential exploitation, and disclosure of the critical vulnerabilities in Versiondog.