On May 28, 2021, TXOne researcher Chizuru Toyama discovered vulnerabilities CVE-2021-23845 and CVE-2021-23846, which affect several Bosch Ethernet communication modules. Modules like these are used to enable assets with bi-directional communication over an Ethernet network, so they have a wide variety of applications in industrial settings. While the designers of such devices carefully consider security during the creation process, no hardware or software is immune to vulnerabilities being discovered after release.
The regular discovery of new vulnerabilities in mission-critical assets definitely represents an added stress factor. It’s important for stakeholders to keep in mind that OT-native cybersecurity technologies supported by security intelligence researchers can add a layer of dependability to ICS environments that prevents vulnerabilities like these from being exploited to disrupt operations, and unlike traditional cybersecurity solutions can offer this level of protection without interfering with productivity. Both of these vulnerabilities have a high severity – CVE-2021-23845 allows an intruder to hijack a user’s session, acting as that user on network services, while CVE-2021-23846 allows a hacker to steal a user’s password.
An intruder exploiting CVE-2021-23845 could hijack a user’s session while the user is using the web console for configuration.
- Bosch B426 Firmware < 03.08
- Bosch B426-CN/B429-CN Firmware < 03.08
- Bosch B426-M Firmware < 03.10
For CVE-2021-23846, our researcher found that when HTTP is used with this product, the user password is transmitted as a cleartext parameter, making it possible for an attacker to steal it with a “man-in-the-middle” (MITM) attack (in which the attacker reads the communication between two targets).
- Bosch B426 Firmware 03.01.0004
- Bosch B426 Firmware 03.02.002
- Bosch B426 Firmware 03.03.0009
- Bosch B426 Firmware 03.05.0003
Mitigating CVE-2021-23845 and CVE-2021-23846
The best way to mitigate these attacks is to update firmware immediately. If a firmware update can’t be conducted right away, TXOne Networks’ researchers advise reducing affected assets’ exposure to the network. Internet-accessible systems should be firewalled – TXOne’s own EdgeFire is ideal for this purpose, allowing the network to be segmented so that OT assets can only communicate on the basis of need and significantly reducing the risk of cyberattacks based on vulnerabilities like those mentioned here.
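To decide which modules need the firmware update first, the version lists above can be checked against an asset inventory. The following is an added example, not TXOne or Bosch code: it assumes the two lists are the affected firmware for CVE-2021-23845 and CVE-2021-23846 respectively and that version components compare numerically, and the inventory rows and host names are constructed sample data.

```python
def parse_fw(version):
    """Turn '03.08' or '03.05.0003' into a tuple of ints; raises ValueError if malformed."""
    return tuple(int(part) for part in version.strip().split("."))

def older_than(version, fixed):
    """True if version < fixed, zero-padding so '03.08' equals '03.08.0000'."""
    a, b = parse_fw(version), parse_fw(fixed)
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) < b + (0,) * (width - len(b))

# CVE-2021-23845: firmware below these versions, per model (from the list above).
SESSION_HIJACK_FIXED = {"B426": "03.08", "B426-CN": "03.08",
                        "B429-CN": "03.08", "B426-M": "03.10"}
# CVE-2021-23846: the exact B426 firmware versions listed above.
CLEARTEXT_PW = {parse_fw(v) for v in
                ("03.01.0004", "03.02.002", "03.03.0009", "03.05.0003")}

def findings(model, firmware):
    """Return the CVE ids from this advisory that apply to one module."""
    model = model.strip().upper()
    hits = []
    fixed = SESSION_HIJACK_FIXED.get(model)
    if fixed and older_than(firmware, fixed):
        hits.append("CVE-2021-23845")
    if model == "B426" and parse_fw(firmware) in CLEARTEXT_PW:
        hits.append("CVE-2021-23846")
    return hits

def audit(inventory):
    """Map host -> findings; unreadable versions are flagged, not silently passed."""
    report = {}
    for host, model, firmware in inventory:
        try:
            hits = findings(model, firmware)
        except ValueError:
            hits = ["UNPARSEABLE-VERSION"]
        if hits:
            report[host] = hits
    return report

INVENTORY = [  # constructed sample rows: (host, model, firmware)
    ("panel-a", "B426", "03.05.0003"),
    ("panel-b", "B426", "03.08"),
    ("panel-c", "B426-M", "03.08.0012"),
    ("panel-d", "b429-cn", "03.07"),
    ("panel-e", "B426", "unknown"),
]

if __name__ == "__main__":
    for host, hits in audit(INVENTORY).items():
        print(host, ", ".join(hits))
```

Modules that appear in the report and cannot be updated right away are the ones to place behind the firewall segmentation described above.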