Security researcher Mandar Jadhav who works for a California based information security company has revealed numerous flaws in Westermo’s industrial routers. According to the advisory revealed by the ICS-CERT, Westermo MRD-305-DIN (versions older than 18.104.22.168), MRD-315, MRD-355 (versions older than 22.214.171.124), and MRD-455 (versions older than 126.96.36.199) industrial routers are vulnerable to exploits compromising critical industrial sector networks. The vulnerabilities include Use of Hard-Coded Credentials, Cross-Site Request Forgery (CSRF) and Use of Hard-Coded Cryptographic Key.
These routers are widely used in critical industrial sectors such as water treatment, railways, roads & tunnels and substation automation. The whole range of Westermo’s industrial routers that are exposed to serious flaws offer remote access solutions for connecting multiple remote sites.
Impact of the Detected Vulnerabilities in Westermo’s Industrial Routers:
According to the details provided by Mandar Jadhav, the impact of the vulnerabilities are quite severe. His revelations show that the attackers could use the vulnerabilities to obtain and use Hard-Coded Cryptographic Keys to decrypt the traffic that is safeguarded by these keys. In such a scenario, the malicious actor may gain administrative privileges further exposing the network systems to specially crafted attacks.
The Westermo’s Industrial Routers are also vulnerable to Cross Site Request Forgery which can cause undesired network breaches. In such a scenario a user might be misled to an infected website which has an interface that looks just like the device web management interface. Now this would allow the malicious actor to perform any changes to the system controls with the same privileges as the authenticated user.
There is no doubt that the vulnerabilities that the Westermo’s industrial routers are exposed to have a severe impact on the security of the networks of critical sectors. Taking this into consideration the NCCIC/ICS-CERT recommends that users reduce exposure of control system devices to the rest of the industrial networks and the internet.
It is also recommended that the best practices must be taken into consideration when remote access is required. The secure methods include usage of virtual private networks (VPNs) while accessing systems remotely. However, while using VPNs for remote access one must not ignore the fact that they are updated to the most current version available.
Westermo, the creators of the affected industrial routers have also recommended its esteemed users to update their router firmware to version 188.8.131.52, which can be found here.