VPN Security Flaws in Devices Used for Remote Access to OT Networks

Several advisories were posted today concerning recent vulnerabilities disclosed by Claroty regarding VPN remote access devices widely used in industrial environments, including water and electric utilities. Devices from Secomea, Moxa and HMS Networks are affected by remote code-execution flaws. In addition to allowing remote connectivity between sites, these devices are also used to enable remote access into PLCs and other Level 1/0 devices; a practice that has become much more prevalent in light of COVID-19. Claroty comprehensively explains the risks to each device posed by these vulnerabilities in their recent post. In conjunction with the recent alert (AA20-205A), NSA and CISA Recommend Immediate Actions to Reduce Exposure Across Operational Technologies and Control Systems industrial organizations are encouraged to prioritize mitigating these vulnerabilities. Read more about the findings and analysis at Claroty