Researchers from Team82 uncovered critical flaws in Dataprobe's iBoot power distribution unit (PDU). The flaws could allow a threat actor to control the unit and cut electric power to the systems and other devices connected to it, disrupting the targeted organization.
Team82, the research division of the industrial cybersecurity firm Claroty, found seven vulnerabilities in the product. One of them allows an attacker who reaches the device to execute malicious code on it.
The iBoot power distribution unit comes with a cloud service that gives users real-time control of its outlets from any location, and the unit itself can be managed through web interfaces, Telnet, and SNMP.
According to the Census Report 2021, over 2,000 power distribution units were connected to the internet, with Dataprobe devices accounting for 31% of them.
As Team82's report notes, the iBoot PDU can be managed remotely in two ways: directly through its web interface when the device is connected to the internet, or through Dataprobe's cloud-based infrastructure, which provides access to the device's management page when the device is not directly connected to the internet.
An attacker can use either of these paths, the web interface or the cloud platform, to exploit the vulnerabilities remotely. Because the cloud connection reaches the device from outside, exploitation through it also bypasses Network Address Translation (NAT) and firewalls, giving an attacker a way into a business through its smart connectivity channels.
CISA, the U.S. Cybersecurity and Infrastructure Security Agency, published an advisory describing the seven vulnerabilities and noting that the affected devices are deployed all across the world, including in the manufacturing sector.
The seven vulnerabilities are tracked as CVE-2022-3183 through CVE-2022-3189. They cover OS command injection, path traversal, sensitive information exposure, improper access control, incorrect authorization, and server-side request forgery (SSRF).
Dataprobe has released firmware version 1.42.06162022 to address the issues. The vendor recommends that all users update to the latest firmware and disable the Simple Network Management Protocol (SNMP), which is used for network monitoring, on the device.
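The two mitigations above (firmware at or beyond the fixed version, SNMP turned off) are easy to state and easy to get wrong when checked at fleet scale, because the iBoot version string embeds a build date. The following is an added example, not code from Dataprobe, Claroty or CISA: it parses the version string, compares it against the fixed version as a real date rather than as text, and flags inventory records that still need attention. It assumes the version layout is MAJOR.MINOR.MMDDYYYY (an assumption drawn only from the string "1.42.06162022" in the advisory), and the inventory records, field names and device names are constructed for the example.

```python
"""Fleet check for Dataprobe iBoot PDUs against the advisory's mitigations.

Added example, not vendor code. Assumes an inventory export with the fields
shown in SAMPLE_INVENTORY (constructed) and that firmware versions follow the
MAJOR.MINOR.MMDDYYYY layout of "1.42.06162022" (assumption based on that
single string from the advisory).
"""
import re
from datetime import date

FIXED_VERSION = "1.42.06162022"  # fixed firmware version named in the advisory

# major.minor.MMDDYYYY  (assumed layout, see module docstring)
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d{2})(\d{2})(\d{4})$")


def parse_version(version):
    """Turn '1.42.06162022' into (1, 42, date(2022, 6, 16)).

    Plain string comparison would order '1.42.07012021' after '1.42.06162022'
    even though it is almost a year older, so the build date is parsed into a
    real date. Any other layout raises ValueError instead of being guessed at.
    """
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised iBoot version string: {version!r}")
    major, minor, month, day, year = (int(g) for g in m.groups())
    return (major, minor, date(year, month, day))


def is_outdated(version, fixed=FIXED_VERSION):
    """True if `version` predates the fixed release."""
    return parse_version(version) < parse_version(fixed)


def assess(device):
    """Return a list of findings for one inventory record (empty list = compliant)."""
    findings = []
    if is_outdated(device["firmware"]):
        findings.append(f"firmware {device['firmware']} predates fix {FIXED_VERSION}")
    if device.get("snmp_enabled"):
        findings.append("SNMP enabled (vendor recommends disabling it)")
    if device.get("internet_exposed"):
        findings.append("management interface reachable from the internet")
    return findings


def assess_fleet(inventory):
    """Map each device name to its findings."""
    return {d["name"]: assess(d) for d in inventory}


# Constructed sample inventory; the names, versions and flags are made up.
SAMPLE_INVENTORY = [
    {"name": "pdu-rack01", "firmware": "1.42.06162022", "snmp_enabled": False, "internet_exposed": False},
    {"name": "pdu-rack02", "firmware": "1.42.07012021", "snmp_enabled": True, "internet_exposed": False},
    {"name": "pdu-lab", "firmware": "1.41.12032019", "snmp_enabled": False, "internet_exposed": True},
]

if __name__ == "__main__":
    for name, findings in assess_fleet(SAMPLE_INVENTORY).items():
        print(f"{name}: {'OK' if not findings else '; '.join(findings)}")
```

The `internet_exposed` flag is included because the report's point about NAT and firewall bypass applies to devices reachable from outside; it is an inventory attribute you would populate from your own external-exposure scans, not something the script discovers.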