The Claroty research team (Team82) has found seven vulnerabilities in the iBoot PDU of Dataprobe, the company’s intelligent power distribution product.
Power Distribution Units (PDUs) are common devices found in industrial environments, data centers, and other locations where power supplies need to be close to rack equipment.
Team82’s findings show that an attacker could remotely exploit the vulnerabilities in Dataprobe’s offering, either via a direct web connection to the device or via the cloud.
It adds that this would result in unauthenticated remote code execution.
Citing additional recent research from Censys, Claroty says this has shown that over 2,000 PDUs are exposed to the internet, with 31% of them being Dataprobe devices.
The company also notes that an attack on a remotely exploitable vulnerability in a PDU component platform puts the attacker very close to the possibility of disrupting vital services by disrupting power to the device and therefore all devices connected to it.
Dataprobe has fixed these vulnerabilities in a new version update. Users are urged to update to version 1.42.06162022 as soon as possible.
Dataprobe also recommends users to disable SNMP, Telnet, and HTTP when not in use to mitigate some of these vulnerabilities.
ICS-CERT has also issued an advisory.
The release of this study comes after Exclusive Networks, a global digital infrastructure cybersecurity specialist, announced the signing of its partnership with Claroty.
As part of the partnership, Exclusive Networks will offer Claroty’s cybersecurity solutions for industrial, healthcare and commercial environments in key APAC markets including Indonesia, Malaysia, Philippines, Singapore, Thailand, Brunei, Vietnam, Laos, Cambodia, Australia, New Zealand, India and Hong Kong.
According to the companies, this partnership will allow Exclusive Networks and Claroty to work together to secure the cyber-physical systems of connected industrial, healthcare and commercial organizations.
These sectors have become increasingly complex due to the expanded Internet of Things (XIoT) that has created more connectivity, but present cybersecurity blind spots, particularly with legacy IT systems.
Claroty’s cybersecurity solutions are purpose-built for the cyber-physical realm, helping to build resiliency, protection and threat detection.
Exclusive Networks, along with Claroty, will work with customers in APAC to plan, prioritize and execute their cybersecurity investments with properly sequenced integrations that protect and enhance their security operations, the companies said.
Exclusive Networks will make Claroty’s solutions available to partners and end customers across the APAC region.
According to the company, by leveraging its local network of more than 20 offices in 10 countries in the region, Exclusive Networks will work with resellers and system integrators to ensure Southeast Asia businesses, from startups and SMBs to multinationals, are resilient are personal identity protection, in addition to the holistic cybersecurity solutions that Exclusive Networks offers to companies.
