Malicious hackers can remotely exploit a critical vulnerability in a water tank management system utilized by organizations in over 40 countries worldwide, and the manufacturer has not shown any inclination towards fixing the bug.
The compromised product is designed by the water and energy wing of Kingspan building materials firm headquartered in Ireland. The Kingspan TMS300 CS water tank management system employs multiple mediums including screen, web server, application, online portal, or email to offer information on its products. It features wired and wireless multi-tank level measurements, alarms, and internet or local network connectivity.
Kingspan security bug
Earlier this week, Maxim Rupp, a researcher at CISA published an advisory regarding the product impacted by a critical vulnerability due to the lack of adequately implemented access-control guidelines, which allows an unauthenticated hacker to view or alter the product’s settings.
The vulnerability paves a path for a hacker to access the product’s settings without verifying, and by merely searching for specific URLs. These URLs can be identified by browsing the web interface or via a brute force attack, the researcher explained. The flaw tracked as CVE-2022-2757 has received a CVSS score of 9.8.
The malicious hacker attacker can exploit the security bug to alter various settings, including ones related to sensors, tank details, and alarm thresholds virtually from any part of the world, as long as they have access to the device’s web interface, Rupp explained.
According to CISA, the impacted product is used worldwide in the water and wastewater systems sector, and it seems that the exploited settings could allow a hacker to cause some disruption in the targeted organization.
“Kingspan has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of the affected product are encouraged to contact Kingspan customer support for additional information,” the researcher added.
Mitigation Tips
CISA has provided the following recommendations for minimizing the threat posed by these types of vulnerabilities.
• Limit network exposure for all control system devices and/or systems, and ensure they are not reachable from the Internet.
• Locate control system networks and remote devices behind firewalls and isolate them from enterprise networks.
• If necessary, employ secure methods, such as Virtual Private Networks (VPNs), to access the devices.
