SecurityWeek reports that numerous major industrial automation vendors have products affected by two vulnerabilities in PTC's Kepware KEPServerEX product, which could be exploited to compromise operational technology networks.
Threat actors could abuse the flaws, tracked as CVE-2022-2848 and CVE-2022-2825, to crash servers, exfiltrate data, and execute arbitrary code by sending dedicated OPC UA messages to targeted systems, according to a Claroty report.
Aside from impacting various PTC ThingWorx offerings, the vulnerabilities also affect the GE Digital Industrial Gateway Server, Software Toolbox TOP Server, and Rockwell Automation KEPServer Enterprise products.
"Executing code on a machine running an OPC server puts attackers in a powerful position to further infiltrate the network. There are no special permissions required for simply crashing the server using the exploit. When developing our payload to execute code on the server, we did require at least anonymous permissions to the server in order to execute code. Any server that is exposed to the public internet and not updated could be exploited," said Claroty researcher Uri Katz.
Critical Infrastructure Security, Endpoint/Device Security, Network Security
OT networks may be compromised with critical KEPServerEX vulnerabilities