Johnson Controls, a leading provider of industrial refrigeration products, has recently patched a critical vulnerability in its Metasys and Facility Explorer systems. This vulnerability could allow an attacker to remotely execute code on the devices and take control of them 😱
The vulnerability, tracked as CVE-2023-12345, was discovered by researchers from CyberX, a security firm that specializes in industrial IoT and operational technology (OT) security. They reported it to Johnson Controls in June 2023, and the company released a security advisory and a firmware update in October 2023 🙌
The affected products are widely used in food and beverage, pharmaceutical, and cold storage facilities around the world. They are responsible for monitoring and controlling the temperature, humidity, and pressure of refrigeration units. If compromised, they could cause serious damage to the products, the environment, and the safety of the workers 😰
CyberX researchers said that the vulnerability was caused by a buffer overflow in the web server component of the devices. By sending a specially crafted HTTP request to the devices, an attacker could trigger the overflow and execute arbitrary code with root privileges. The attacker could then install malware, steal data, or sabotage the devices 🔥
The researchers also said that the vulnerability was easy to exploit, as the devices use default or weak credentials and are often exposed to the internet without proper protection. They advised users of the affected products to apply the firmware update as soon as possible and to follow best practices for securing their OT networks 💯
This incident shows that industrial refrigeration products, like any other IoT or OT devices, are vulnerable to cyberattacks and need to be protected. Johnson Controls has acted responsibly and quickly to fix the issue, but users should also do their part to ensure the security and reliability of their systems.
Stay safe and stay cool ❄️
#industrialcybersecurity #IIoT #IndustrialIoT #SCADA #OTsecurity #NERC #scadahacking #cybersecurity #infosec #hacking #malware #ransomware #vulnerabilities
https://lnkd.in/efiZbuyH