
Major security breaches expose critical vulnerabilities in Honeywell Experion DCS and QuickBlox services


The cybersecurity landscape faces new challenges as critical security vulnerabilities have been unearthed in two widely used services: Honeywell Experion distributed control system (DCS) and QuickBlox. These vulnerabilities, if exploited, can lead to severe compromises and unauthorized access to affected systems.

Honeywell Experion DCS Vulnerabilities: Dubbed Crit.IX, a series of nine flaws has been identified within the Honeywell Experion DCS platform. The vulnerabilities enable unauthorized remote code execution, granting attackers complete control over devices and the ability to manipulate the DCS controller’s operations. Alterations made to a compromised controller can remain hidden from the engineering workstation managing it. The issues stem from insufficient encryption and weak authentication mechanisms in the proprietary Control Data Access (CDA) protocol, which facilitates communication between Experion Servers and C300 controllers. Exploiting these vulnerabilities allows threat actors to impersonate both the controller and the server, exacerbating the potential risks. Additionally, design flaws in the CDA protocol increase the likelihood of buffer overflows, compounding the severity of the vulnerabilities.

QuickBlox Vulnerabilities: In another alarming discovery, major security flaws have been found in QuickBlox, a widely utilized chat and video calling platform employed in various sectors, including telemedicine, finance, and smart IoT devices. These vulnerabilities pose the risk of exposing user databases in multiple applications incorporating the QuickBlox software development kit (SDK) and API. As an example, the researchers discovered vulnerabilities in Rozcom, an Israeli vendor known for its intercom systems. By exploiting the flaws (CVE-2023-31184 and CVE-2023-31185), threat actors were able to download user databases, impersonate users, and execute full account takeover attacks. The implications are significant, as attackers gained complete control over Rozcom intercom devices, including access to cameras, microphones, and the ability to manipulate managed doors.

Mitigation Measures: Users are strongly advised to disable remote administration on their devices to reduce the risk of potential exploitation attempts. Additionally, it is crucial to stay updated with the latest information from service providers and promptly apply any available patches or updates. These measures are essential for minimizing the potential impact of these vulnerabilities and safeguarding systems against unauthorized access and potential data breaches.

As the affected vendors actively work to address these security vulnerabilities, organizations and individuals must remain vigilant, taking proactive steps to protect their systems. Promptly implementing recommended security measures and staying informed about emerging threats will be paramount in maintaining a robust cybersecurity posture.
