The U.S. Department of Homeland Security's Industrial Control
Systems Cyber Emergency Response Team (ICS-CERT) revealed last week that
Westermo industrial Ethernet switches use Secure Sockets Layer (SSL) private
keys that are hardcoded and shared across devices.
Sweden-based Westermo is a supplier of high-quality
data communications equipment designed for harsh industrial
applications. The firm’s solutions are used across the world in sectors such as
transport, water, energy supplies, mining and petrochemical.
ICS-CERT discovered that the shared SSL keys can be used by malicious
actors to intercept and decrypt communications via a man-in-the-middle (MitM)
attack and leverage the information to gain unauthorized access to a vulnerable
device.
Even an attacker with low skill can exploit this flaw if
they manage to launch a successful MitM attack on devices running versions 4.18
and earlier of WeOS, the operating system that powers Westermo’s hardware
platforms.
The attack can affect Falcon, Wolverine, Lynx, Viper and
RedFox.
The company is working on a fix that automates changing the key,
which will be included in WeOS 4.19. For now, the vendor has released
an update that allows users to change the
problematic certificate in the web interface of the affected devices.
Meanwhile, users have been advised to update WeOS to the
latest version and upload a custom certificate by following the instructions.
The affected company has also warned its customers to avoid self-signed
certificates and either completely disable web access to the devices or limit
access to secure networks.
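
An added example, not taken from the advisory or from Westermo: one way an operator could check an inventory for switches that still present the same certificate, by grouping devices on the SHA-256 fingerprint of the certificate each one serves. The host names and certificate contents are constructed placeholders, and a matching certificate is used here as a proxy for a shared key.

```python
import hashlib
import ssl
from collections import defaultdict


def fingerprint(pem: str) -> str:
    """SHA-256 over the DER encoding of a PEM certificate."""
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem)).hexdigest()


def fetch_pem(host: str, port: int = 443) -> str:
    """Fetch the certificate a device presents (no chain validation).
    Not called on the sample data below; use it to build a live inventory."""
    return ssl.get_server_certificate((host, port))


def shared_certificates(certs: dict) -> dict:
    """Return {fingerprint: sorted hosts} for every certificate that is
    presented by more than one device."""
    groups = defaultdict(list)
    for host, pem in certs.items():
        groups[fingerprint(pem)].append(host)
    return {fp: sorted(hosts) for fp, hosts in groups.items() if len(hosts) > 1}


def constructed_pem(blob: bytes) -> str:
    """Wrap placeholder bytes in PEM armor. These are NOT real certificates;
    they only stand in for what fetch_pem() would return."""
    return ssl.DER_cert_to_PEM_cert(blob)


# Constructed sample inventory: two switches still on the factory
# certificate, one with a custom certificate uploaded.
FACTORY = constructed_pem(b"constructed factory-default certificate")
CUSTOM = constructed_pem(b"constructed per-device certificate")
SAMPLE_INVENTORY = {
    "switch-a.example": FACTORY,
    "switch-b.example": FACTORY,
    "switch-c.example": CUSTOM,
}

if __name__ == "__main__":
    for fp, hosts in shared_certificates(SAMPLE_INVENTORY).items():
        print(f"shared certificate {fp[:16]}... on {', '.join(hosts)}")
```

Any group this reports is a set of devices whose certificate should be replaced with a unique one per device.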