Weintek Weincloud Vulnerabilities Allowed Manipulation, Damaging of ICS Devices

Several vulnerabilities found in Weintek Weincloud could have allowed hackers to manipulate and damage ICS, including PLCs and field devices.

Flipboard

Several vulnerabilities discovered by a researcher from industrial cybersecurity firm TXOne Networks in a Weintek product could have been exploited to manipulate and damage industrial control systems (ICS).

The security holes impact Taiwan-based Weintek’s Weincloud, a cloud-based product designed for remotely managing human-machine interfaces (HMIs) and operations.

According to CISA, which recently published an advisory to inform organizations about these vulnerabilities, the affected product is used by organizations worldwide, particularly in the critical manufacturing sector.

The vulnerabilities were patched by Weintek with an account API update and no action is required from users. Hank Chen, the TXOne researcher credited for finding the flaws, has confirmed for SecurityWeek that exploitation no longer appears possible.

Four types of security holes have been found in Weintek Weincloud, three of which have been assigned ‘high severity’ ratings.

One of them could have been exploited to reset an account’s password by using the corresponding JWT token. Another issue could have been leveraged to log in with testing credentials to the official website by abusing the registration functionality. The third high-severity flaw could be used to cause a DoS condition.

The fourth issue, classified as ‘medium severity’, could have been exploited for brute-force attacks.

Chen told SecurityWeek that under specific — but commonly found — circumstances an attacker could have exploited the vulnerabilities to take complete control of Weincloud instances. Since this is a cloud-based product, remote exploitation from the internet was possible.

“Attackers gain the ability to transfer control of HMIs from the compromised account to their own accounts. Once they gain control of the HMIs, they can manipulate them to control PLCs (programmable logic controllers) and damage field devices,” the researcher explained.

Chen pointed out that these types of vulnerabilities are not specific to Weintek products. TXOne researchers have identified other cloud-based ICS products that are vulnerable to the same type of attacks.

TXOne is presenting its research at the ICS Village at DEF CON 31 next month.

“We want to emphasize the increasing trend of ICS solutions and applications migrating to the cloud, which brings along diverse security concerns similar to those addressed in this [CISA] advisory,” Chen said.

Related: TETRA Radio Standard Vulnerabilities Can Expose Military Comms, Industrial Systems

Related: Axis Door Controller Vulnerability Exposes Facilities to Physical, Cyber Threats

Related: Recently Patched GE Cimplicity Vulnerabilities Reminiscent of Russian ICS Attacks

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.

Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.

Thinking through the good, the bad, and the ugly now is a process that affords us “the negative focus to survive, but a positive one to thrive."(Marc Solomon)

Sharing threat information and cooperating with other threat intelligence groups helps to strengthen customer safeguards and boosts the effectiveness of the cybersecurity sector overall.(Derek Manky)

Securing APIs is a noble, though complex journey. Security teams can leverage these 10 steps to help secure their APIs.(Joshua Goldfarb)

While silos pose significant dangers to an enterprise's cybersecurity posture, consolidation serves as a powerful solution to overcome these risks, offering improved visibility, efficiency, incident response capabilities, and risk management.(Matt Wilson)

The need for cyber resilience arises from the growing realization that traditional security measures are no longer enough to protect systems, data, and the network from compromise.(Torsten George)

Flipboard

The overall effect of current global geopolitical conditions is that nation states have a greater incentive to target the ICS/OT of critical industries, while...

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

Wago has patched critical vulnerabilities that can allow hackers to take complete control of its programmable logic controllers (PLCs).

Cybersecurity firm Forescout shows how various ICS vulnerabilities can be chained for an exploit that allows hackers to cause damage to a bridge.

Otorio has released a free tool that organizations can use to detect and address issues related to DCOM authentication.

More than 1,300 ICS vulnerabilities were discovered in 2022, including nearly 1,000 that have a high or critical severity rating.

Internet of Things (IoT) and Industrial IoT security provider Shield-IoT this week announced that it has closed a $7.4 million Series A funding round,...