Power failures could be triggered remotely: Team82 discovers vulnerabilities in iBoot power distribution units. Almost a third of all power distribution units (PDUs) that can be controlled via the Internet are iBoot devices from the manufacturer Dataprobe. They are also found in powered switches.
Security researchers at Team82, the research arm of cyber-physical systems (CPS) security specialist Claroty, have disclosed multiple vulnerabilities in iBoot-PDU, Dataprobe's intelligent power distribution unit (PDU). The PDUs can be managed from any location via a web-based interface or a cloud-based platform.
Remote code execution enables shutdown
By exploiting the vulnerabilities, attackers can remotely execute code and power off all connected devices. Dataprobe has fixed these vulnerabilities in a new firmware version. Users are strongly advised to update to version 1.42.06162022. To close some of the security gaps, Dataprobe also recommends disabling SNMP, Telnet, and HTTP when they are not in use.
Power distribution units (PDUs)
Power distribution units (PDUs) are common in industrial environments, data centers, and other settings where power supplies need to be close to rack-mounted equipment. More and more PDUs can be controlled and managed remotely. By exploiting a remotely exploitable vulnerability in a PDU component, e.g. the web-based interface or the cloud-based management platform, an attacker can disrupt important services by cutting the power supply to the device and consequently to all devices connected to it. A 2021 report by Censys shows that more than 2,000 PDUs are connected to the internet. Almost a third (31%) of these are Dataprobe devices.
Seven vulnerabilities in iBoot PDUs
Team82 uncovered seven vulnerabilities in iBoot-PDU. The research builds on Team82's earlier work on the security of cloud-based management platforms. In July 2021, the researchers released a report titled "Top-Down and Bottom-Up: Exploiting Vulnerabilities in the OT Cloud Era," which describes attacks that reach devices via the cloud and, conversely, reach cloud systems from devices. The vulnerabilities found in Dataprobe's products made it possible to expose all iBoot-PDU devices controlled via the web interface or from the cloud and to attack them remotely, bypass NAT, routers and firewalls, execute code and cut the power. Cyber criminals would also gain an entry point into their victims' internal networks.
Important services can be switched off in this way
The disclosure of these vulnerabilities shows the fundamental need to assess the risk posed by every device connected to the Internet or the cloud. Even a seemingly harmless power distribution unit managed remotely over the internet or a cloud-based management platform can give cybercriminals the opportunity to attack the network or disrupt vital services by cutting power to the devices connected to the PDU. This poses an enormous risk, especially for data centers, where PDUs are often used to power servers and other network devices. Details of how an attack on the PDUs works, and further information, can be found in the corresponding blog post.
More at Claroty.com
About Claroty
Claroty, the Industrial Cybersecurity Company, helps its global customers discover, protect and manage their OT, IoT and IIoT assets. The company's comprehensive platform can be seamlessly integrated into customers' existing infrastructure and processes and offers a wide range of industrial cybersecurity controls for transparency, threat detection, risk and vulnerability management and secure remote access - with significantly reduced total cost of ownership.