Top Highlights
- Novakon’s industrial control system products, specifically their HMIs, are affected by multiple serious vulnerabilities including buffer overflows, directory traversal, weak authentication, and missing protections, with no patches released.
- These vulnerabilities can be exploited remotely without authentication to execute high-privilege code, posing severe risks to critical infrastructure where these devices are deployed.
- CyberDanube researchers have identified the issues but report that Novakon has ignored most communication attempts and has not responded to security concerns.
- The widespread deployment of over 40,000 Novakon HMIs globally underscores the potential impact of these vulnerabilities, emphasizing the urgent need for patches and vendor response.
Problem Explained
Researchers at CyberDanube uncovered serious security flaws in industrial control system products manufactured by Novakon, a Taiwan-based company specializing in human-machine interfaces (HMIs), industrial PCs, and IIoT solutions. They identified five critical vulnerabilities within Novakon’s HMIs, including an unauthenticated buffer overflow that could allow remote attackers to execute high-privilege code, directory traversal flaws exposing sensitive files, and weak authentication mechanisms that could grant unauthorized access. These flaws, if exploited, pose significant risks because HMI devices are integral to managing machinery and critical infrastructure like production lines and industrial controls. The security team informed Novakon of their findings, but the vendor has neither responded nor issued patches, leaving these potentially exploitable vulnerabilities unaddressed. Because these devices are often deployed in sensitive environments and are usually not exposed directly to the internet, the extent of the threat remains uncertain, but the lack of vendor action raises alarm about the security of the systems involved.
Risks Involved
The industrial control products manufactured by Taiwan-based Novakon are plagued by critical vulnerabilities uncovered by CyberDanube, encompassing remote code execution, directory traversal, weak authentication, and insufficient protection mechanisms, all exploitable without authentication and capable of granting high-privilege access. These weaknesses, affecting thousands of Novakon human-machine interfaces (HMIs) used in vital data centers and critical infrastructure worldwide, pose severe risks by potentially allowing malicious actors to commandeer systems integral to manufacturing, energy, or automation processes, thereby threatening operational stability and safety. Despite the discovery, Novakon has failed to respond or release patches, leaving these exposed devices vulnerable, which amplifies concerns about the security of interconnected industrial environments and underscores the urgent need for proactive risk management and timely mitigation to prevent catastrophic consequences.
Possible Actions
The security of Novakon HMIs against remote hacking is critically dependent on timely remediation of unpatched vulnerabilities. Addressing these weaknesses promptly is essential to prevent malicious exploits that could lead to data breaches, operational disruptions, or even system takeovers.
Immediate Patch Deployment
Apply available security patches and updates as soon as they are released by the vendor to close known vulnerabilities.
Vulnerability Assessment
Conduct regular scans and assessments to identify unpatched vulnerabilities and understand their potential impact.
Network Segmentation
Isolate HMI systems from other network segments to limit exposure and control access points.
Access Control Enhancement
Implement strict authentication methods, such as multi-factor authentication, and restrict access to authorized personnel only.
Firewall Configuration
Configure firewalls to block unauthorized external connections and monitor traffic for signs of intrusion.
Continuous Monitoring
Establish real-time monitoring systems to detect suspicious activities or attempted breaches promptly.
Staff Training
Educate personnel about security best practices and the importance of maintaining updated system patches.
Vendor Coordination
Maintain active communication with the HMI vendor for timely updates, patches, and security advisories.
Advance Your Cyber Knowledge
Stay informed on the latest Threat Intelligence and Cyberattacks.
Access world-class cyber research and guidance from IEEE.
Disclaimer: The information provided may not always be accurate or up to date. Please do your own research, as the cybersecurity landscape evolves rapidly. Intended for secondary references purposes only.
Cyberattacks-V1
