Vulnerabilities in industrial cellular routers’ cloud management platforms

Issue 2/3 2023 Industrial (Industry), Cyber Security, Security Services & Risk Management

OTORIO, a provider of operational technology (OT) cyber and digital risk management solutions, announced that three significant industrial cellular router vendors have vulnerabilities in their cloud management platforms that expose customers’ operational networks to external attack. This raises questions about the safety of connecting OT to the cloud and suggests a need for standard industry regulations to eliminate such security risks.

An industrial cellular router allows multiple devices to connect to the internet from a cellular network. It is commonly used in industrial settings, such as manufacturing plants or oil rigs, where traditional wired internet connections may not be available or reliable. Vendors of these devices employ cloud platforms to provide customers with remote management, scalability, analytics and security.

However, OTORIO’s research found 11 vulnerabilities in the cloud platforms studied, allowing remote code execution and full control over hundreds of thousands of devices and OT networks – in some cases, even those not actively configured to use the cloud.

OTORIO Security Researcher, Roni Gavrilov, shared key findings and remediation tips at Black Hat Asia 2023 (a white paper on the topic is available here).

“As the deployment of IIoT devices becomes more popular, it's important to be aware that their cloud management platforms may be targeted by threat actors,” said Gavrilov. “A single IIoT vendor platform being exploited could act as a pivot point for attackers, accessing thousands of environments at once.”

OTORIO discovered a wide range of attack vectors based on the security level of the vendor's cloud platform, including several vulnerabilities in M2M (machine-to-machine) protocols and weak asset registration mechanisms. In some cases, these security gaps enable attackers to:

• Gain root access through a reverse-shell.

• Compromise devices in the production network, facilitating unauthorised access and control with root privileges.

• Compromise devices, exfiltrate sensitive information, and perform operations such as shutdown.

Some attacks require identifiers like Media Access Control (MAC) address, serial number or International Mobile Equipment Identity (IMEI) to breach cloud-connected devices, but others do not. One serious issue affecting all three vendors is that their platforms expose devices that have not been configured to use the cloud. Furthermore, breaches of these devices may bypass all the security layers in the Purdue Enterprise Reference Architecture Model for several different vendors.

Find out more at

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

The role of AI in industrial plants
Industrial (Industry)
The average modern industrial plant uses less than 27% of the data it generates, but industrial AI can play a major role in identifying patterns and making process predictions through new software platforms that simplify convergence and analysis of OT/IT/ET data.

Sustainability School opens for enrolment
Education (Industry) News Security Services & Risk Management
Three-part programme, first developed for Schneider Electric employees, is now available for free for companies worldwide. Attendees learn how to future-proof their businesses and accelerate their decarbonisation journeys.

Success in business process best practices
Technews Publishing Kleyn Change Management Editor's Choice Integrated Solutions Security Services & Risk Management
This month we commandeer time with the woman who is spearheading our national conversation on Women in Security, Lesley-Anne Kleyn, to get to know the lady herself a little better.

Addressing the SCADA in the room
Industrial (Industry) Cyber Security
Few other sectors command the breadth of purpose-built and custom devices necessary to function, as the industrial and manufacturing industries. These unique devices create an uncommon risk that must be assessed and understood to fully protect against incoming attacks.

Integrated guarding services
XtraVision Integrated Solutions Access Control & Identity Management Industrial (Industry)
XtraVision offers a few tips on how to go about planning and setting up an integrated approach to sustainable and successful security services, from the initial risk assessment to the technology and people required.

Security awareness training
Training & Education Security Services & Risk Management
It is critically important to have a security awareness solution that uses the limited time available to train effectively, and one that provides targeted education that is relevant to users.

Technology to thwart solar panel thieves
Asset Management, EAS, RFID Security Services & Risk Management Products
A highly efficient industrial network is coming to the rescue of the solar industry, as solar panels, inverters and batteries are being targeted by thieves and threaten to destabilise the industry.

Banking the unbanked comes with security risks
Financial (Industry) Security Services & Risk Management
As grim as it was, the pandemic of recent years and its resultant global economic crisis were a prime catalyst for record number of first-time bank users, the previously unbanked.

SAFPS to launch a platform to combat fraud
Editor's Choice News Security Services & Risk Management
In response to the growing need for a proactive approach to fraud prevention, the SAFPS is developing a product called Yima, which will be a one-stop-shop for South Africans to report scams, secure their identity, and scan any website for vulnerabilities.

NEC XON appoints Armand Kruger as Head of Cybersecurity
News Cyber Security
NEC XON has announced the appointment of Armand Kruger as the Head of Cybersecurity. Kruger will oversee all cybersecurity offerings including cybersecurity strategy, programmes, and executive advisory.